Summary
This host is installed with TYPO3 and
is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
remote attackers to poison the cache and conduct spoofing attacks.
Impact Level: Application.
Solution
Upgrade to TYPO3 version 4.5.39 or 6.2.9
or 7.0.2 or later. For updates refer to http://typo3.org
Insight
Multiple flaws exists due to,
- Certain input passed to the homepage is not properly sanitised before being used to generate anchor links.
- An error related to the 'config.prefixLocalAnchors' configuration option.
Affected
TYPO3 versions 4.5.x before 4.5.39, 4.6.x
through 6.2.x before 6.2.9, and 7.x before 7.0.2
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-9508, CVE-2014-9509 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- AWCM CMS Multiple Remote File Include Vulnerabilities
- Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
- ActivDesk Multiple Cross Site Scripting and SQL Injection Vulnerabilities
- ASP-Dev XM Event Diary Multiple Vulnerabilities