TYPO3 Multiple Vulnerabilities-01 Jan-2015 (SA-2014-003) Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to poison the cache and conduct spoofing attacks. Impact Level: Application.

Solution

Upgrade to TYPO3 version 4.5.39 or 6.2.9 or 7.0.2 or later. For updates refer to http://typo3.org

Insight

Multiple flaws exists due to, - Certain input passed to the homepage is not properly sanitised before being used to generate anchor links. - An error related to the 'config.prefixLocalAnchors' configuration option.

Affected

TYPO3 versions 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/115852
http://osvdb.org/115853
http://secunia.com/advisories/60371
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9508, CVE-2014-9509

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A Really Simple Chat Multiple SQL Injection Vulnerabilities
Agora CGI Cross Site Scripting
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
ASP Inline Corporate Calendar SQL injection
ATutor password reminder SQL injection

Take action and discover your vulnerabilities