Summary
This host is installed with TYPO3 and is prone to file upload and cross site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code and script code.
Impact Level: System/Application
Solution
Upgrade to TYPO3 version 4.0.9 or 4.1.7 or 4.2.1 or later, or apply the patch mentioned in the below link
http://typo3.org/teams/security/security-bulletins/typo3-core/TYPO3-20080611-1
Insight
Multiple error exists in the application,
- Insufficiently restrictive default fileDenyPattern for Apache which allows bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
- An error in fe_adminlib.inc which is not properly sanitised before being returned to the user
Affected
TYPO3 versions before 4.0.9, 4.1.0 to 4.1.7 and 4.2.0
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2008-2717, CVE-2008-2718 -
CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P
Related Vulnerabilities
- Apache ActiveMQ 'Cron Jobs' Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache Archiva Cross Site Request Forgery Vulnerability
- Apache Tomcat source.jsp malformed request information disclosure
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities