CVE-2011-4305 | Vulnerability Database | Aqua Security

message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing.

Affected Software

Name	Vendor	Start Version	End Version
Moodle	Moodle	1.9.1 (including)	1.9.1 (including)
Moodle	Moodle	1.9.2 (including)	1.9.2 (including)
Moodle	Moodle	1.9.3 (including)	1.9.3 (including)
Moodle	Moodle	1.9.4 (including)	1.9.4 (including)
Moodle	Moodle	1.9.5 (including)	1.9.5 (including)
Moodle	Moodle	1.9.6 (including)	1.9.6 (including)
Moodle	Moodle	1.9.7 (including)	1.9.7 (including)
Moodle	Moodle	1.9.8 (including)	1.9.8 (including)
Moodle	Moodle	1.9.9 (including)	1.9.9 (including)
Moodle	Moodle	1.9.10 (including)	1.9.10 (including)
Moodle	Moodle	1.9.11 (including)	1.9.11 (including)
Moodle	Moodle	1.9.12 (including)	1.9.12 (including)
Moodle	Moodle	1.9.13 (including)	1.9.13 (including)

References

http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=97f258fabb3ebfa7acc7c02cb59de92b01710f99
http://moodle.org/mod/forum/discuss.php?d=188318
https://bugzilla.redhat.com/show_bug.cgi?id=747444

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4305
CWE	https://cwe.mitre.org/data/definitions/189.html