Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2009-0256
Last Modified: 29 Jan 2009 12:00:00
Published: 22 Jan 2009 06:30:04
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0256

Summary

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

Vulnerable Systems

Application

  • Typo3 4.0

  • Typo3 4.0.1

  • Typo3 4.0.2

  • Typo3 4.0.3

  • Typo3 4.0.4

  • Typo3 4.0.5

  • Typo3 4.0.6

  • Typo3 4.0.7

  • Typo3 4.0.8

  • Typo3 4.0.9

  • Typo3 4.1.0

  • Typo3 4.1.1

  • Typo3 4.1.2

  • Typo3 4.1.3

  • Typo3 4.1.4

  • Typo3 4.1.5

  • Typo3 4.1.6

  • Typo3 4.1.7

  • Typo3 4.2.0

  • Typo3 4.2.1

  • Typo3 4.2.2

  • Typo3 4.2.3


References

XF - typo3-library-session-hijacking(48133)

BID - 33376

DEBIAN - DSA-1711

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

SECUNIA - 33679

SECUNIA - 33617


Last Updated: 27 May 2016 10:50:10