Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0255

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0255
Last Modified 29 Jan 2009 12:00:00
Published 22 Jan 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0255

Summary

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Vulnerable Systems

Application

  • Typo3 4.0

  • Typo3 4.0.1

  • Typo3 4.0.2

  • Typo3 4.0.3

  • Typo3 4.0.4

  • Typo3 4.0.5

  • Typo3 4.0.6

  • Typo3 4.0.7

  • Typo3 4.0.8

  • Typo3 4.0.9

  • Typo3 4.1.0

  • Typo3 4.1.1

  • Typo3 4.1.2

  • Typo3 4.1.3

  • Typo3 4.1.4

  • Typo3 4.1.5

  • Typo3 4.1.6

  • Typo3 4.1.7

  • Typo3 4.2.0

  • Typo3 4.2.1

  • Typo3 4.2.2

  • Typo3 4.2.3


References

XF - typo3-installtool-weak-security(48132)

BID - 33376

DEBIAN - DSA-1711

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

SECUNIA - 33679

SECUNIA - 33617


Last Updated: 27 May 2016 10:50:10