Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2012-1605
Last Modified: 05 Sep 2012 09:46:54
Published: 04 Sep 2012 04:55:01
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-1605

Summary

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

Vulnerable Systems

Application

  • TYPO3 4.6
  • TYPO3 4.6.0
  • TYPO3 4.6.1
  • TYPO3 4.6.2
  • TYPO3 4.6.3
  • TYPO3 4.6.4
  • TYPO3 4.6.5
  • TYPO3 4.6.6
  • TYPO3 4.7
  • TYPO3 6.0


References

BID - 52771

OSVDB - 80759

MLIST - [oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/


Last Updated: 27 May 2016 11:00:27