Miggo Logo

CVE-2015-0217: Moodle allows attackers to cause a denial of service

6.8

CVSS Score

Basic Information

EPSS Score
0.68223%
CWE
-
Published
5/13/2022
Updated
1/25/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
AV:N/AC:L/Au:S/C:N/I:N/A:C
Package NameEcosystemVulnerable VersionsFirst Patched Version
moodle/moodlecomposer< 2.6.72.6.7
moodle/moodlecomposer>= 2.7.0, < 2.7.42.7.4
moodle/moodlecomposer>= 2.8.0, < 2.8.22.8.2

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the original implementation of the filter method in filter.php, which directly applied a complex regex to the entire input via preg_replace_callback. The regex's structure (with nested quantifiers and ambiguous anchors) made it susceptible to ReDoS when processing maliciously crafted <a> tags. The commit explicitly addresses this by introducing input splitting and size checks, confirming the function's role in the vulnerability.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*ilt*r/m**i*plu*in/*ilt*r.p*p in Moo*l* t*rou** *.*.*, *.*.x ***or* *.*.*, *.*.x ***or* *.*.*, *n* *.*.x ***or* *.*.* *llows r*mot* *ut**nti**t** us*rs to **us* * **ni*l o* s*rvi** (*PU *onsumption or p*rti*l out***) vi* * *r**t** strin* t**t is m*t*

Reasoning

T** vuln*r**ility st*ms *rom t** ori*in*l impl*m*nt*tion o* t** *ilt*r m*t*o* in *ilt*r.p*p, w*i** *ir**tly *ppli** * *ompl*x r***x to t** *ntir* input vi* pr**_r*pl***_**ll***k. T** r***x's stru*tur* (wit* n*st** qu*nti*i*rs *n* *m*i*uous *n**ors) m