TYPO3 File Abstraction Layer Multiple Vulnerabilities Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to execute arbitary code or read sensitive information. Impact Level: System/Application

Solution

Upgrade to TYPO3 version 6.0.9, 6.1.4 or later, For updates refer to, http://typo3.org/

Insight

An error exist in the File Abstraction Layer, which implements partial permissions for copying, deleting, and moving files and it does not properly handle denied file extension names that contain special characters.

Affected

TYPO3 version 6.0.0 to 6.0.8, 6.1.0 to 6.1.3

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/96915
http://secunia.com/advisories/54679/
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-4320, CVE-2013-4321

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache Commons Daemon 'jsvc' Information Disclosure Vulnerability
Allaire JRun directory browsing vulnerability
Apache Struts2/XWork Remote Command Execution Vulnerability
AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities

Take action and discover your vulnerabilities