Summary
This host is installed with TYPO3 and is prone to information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive environment variables information or may lead to DoS.
Impact Level: Application
Solution
Upgrade to TYPO3 version 3.8.1 or later,
For updates refer to, http://typo3.org/
Insight
Multiple error exists in the application,
- An error exists in debug script which executes phpinfo() function, which makes environment variables world readable.
- An error exists in TYPO3 Page Cache.
- An error exists in config.baseURL, which could be used to spoof a malicious baseURL into your TYPO3 cache.
- An error exists in TYPO3 Install Tool, which does not generate a secure encryptionKey
- An error exists in showpic.php, which fails to sanatize user inputs properly.
- An error exists in application, which does not forbidden access to "fileadmin/_temp_/" directory
Affected
TYPO3 version before 3.8.1
Detection
Send a Crafted HTTP GET request and check whether it is able to get sensitive information.
References
- http://osvdb.org/20936
- http://osvdb.org/45059
- http://osvdb.org/45061
- http://osvdb.org/74094
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20051114-1
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20051114-2
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20051114-4
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20051114-5
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20051114-6
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20051114-7
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2005-4875 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- 'research_display.php' SQL Injection Vulnerability
- AlienVault OSSIM 'date_from' Parameter Multiple SQL Injection Vulnerabilities
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- Atlassian JIRA Privilege Escalation and Multiple Cross Site Scripting Vulnerabilities
- A-A-S Application Access Server Multiple Vulnerabilities