Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2009-0815
Last Modified: 27 Apr 2010 12:00:00
Published: 04 Mar 2009 09:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0815

Summary

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.

Vulnerable Systems

Application

  • Typo3 3.3.x

  • Typo3 3.5.x

  • Typo3 3.6.x

  • Typo3 3.7.x

  • Typo3 3.8.x

  • Typo3 4.0

  • Typo3 4.1

  • Typo3 4.1.0

  • Typo3 4.1.2

  • Typo3 4.1.3

  • Typo3 4.1.4

  • Typo3 4.1.5

  • Typo3 4.1.6

  • Typo3 4.1.7

  • Typo3 4.1.8

  • Typo3 4.1.9

  • Typo3 4.2

  • Typo3 4.2.0

  • Typo3 4.2.1

  • Typo3 4.2.2

  • Typo3 4.2.3

  • Typo3 4.2.4

  • Typo3 4.2.5

  • Typo3 4.3


References

DEBIAN - DSA-1720

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/

SECTRACK - 1021710

MLIST - [oss-security] 20090210 CVE request: typo3 xss (typo3-sa-2009-002)


Last Updated: 27 May 2016 10:50:22