1
Candidate: CVE-2011-1406
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1406
6
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot
7
configuration setting, which makes it easier for user-assisted remote
8
attackers to obtain credentials by sniffing the network at a time when an
9
http URL is used for a login.
13
https://bugs.launchpad.net/ubuntu/+source/mahara/+bug/780917
19
upstream_mahara: released (1.3.6)
22
lucid_mahara: released (1.2.4-1ubuntu0.3)
23
maverick_mahara: released (1.2.5-2ubuntu0.2)
24
natty_mahara: released (1.2.7-1ubuntu0.1)
25
devel_mahara: not-affected (1.3.6-1)