Launchpad.net

CVE 2011-1406

Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login.

Related bugs and status

CVE-2011-1406 (Candidate) is related to these bugs:

Bug #685942: Possible https to http downgrade

		In	Importance	Status
685942	Possible https to http downgrade	Mahara	High	Fix Released
685942	Possible https to http downgrade	Mahara 1.2	High	Fix Released
685942	Possible https to http downgrade	Mahara 1.3	High	Fix Released

Bug #780917: Major security updates for Mahara

		In	Importance	Status
780917	Major security updates for Mahara	mahara (Ubuntu)	Undecided	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Lucid)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Maverick)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Natty)	High	Fix Released
780917	Major security updates for Mahara	mahara (Ubuntu Oneiric)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1406

Related bugs and status

Related bugs

References