Launchpad CVE tracker

CVE 2017-17455

Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before 17.10.2 are vulnerable to being forced, via a man-in-the-middle attack, to interact with Mahara on the HTTP protocol rather than HTTPS even when an SSL certificate is present.

Related bugs and status

CVE-2017-17455 (Candidate) is related to these bugs:

Bug #1734767: Mahara needing the HTTP Strict Transport Security (HSTS) header when site is https

		In	Importance	Status
1734767	Mahara needing the HTTP Strict Transport Security (HSTS) header when site is https	Mahara	High	Fix Released
1734767	Mahara needing the HTTP Strict Transport Security (HSTS) header when site is https	Mahara 17.10	High	Fix Released
1734767	Mahara needing the HTTP Strict Transport Security (HSTS) header when site is https	Mahara 18.04	High	Fix Released
1734767	Mahara needing the HTTP Strict Transport Security (HSTS) header when site is https	Mahara 16.10	High	Fix Released
1734767	Mahara needing the HTTP Strict Transport Security (HSTS) header when site is https	Mahara 17.04	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-17455

References