Summary
TYPO3 is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to easily gain access to a user's session and to potentially sensitive information.
Impact Level: Application
Solution
Upgrade to TYPO3 6.2.3 or later.
For updates, refer to http://typo3.org
Insight
The flaws are due to:
- An error in the authentication subcomponent: the program fails to invalidate user sessions that have timed out.
- The program fails to honor the user groups of logged-in users when caching queries.
Affected
TYPO3 versions 6.2.0 to 6.2.2
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
Severity
Classification
- CVE: CVE-2014-3944, CVE-2014-3946
- CVSS Base Score: 5.8
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N