TYPO3 Multiple Vulnerabilities-02 July-2104 Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to easily gain access to a users session and gain access to potentially sensitive information. Impact Level: Application

Solution

Upgrade to TYPO3 6.2.3 or later, For updates refer to http://typo3.org

Insight

The flaws are due to, - An error in the authentication subcomponent that is triggered as the program fails to invalidate user's sessions that have timed out. - The program fails to honor user groups of logged in users when caching queries.

Affected

TYPO3 versions 6.2.0 to 6.2.2

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/58901
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
http://www.osvdb.com/107333
http://www.osvdb.com/107336

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-3944, CVE-2014-3946

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability
Apache Continuum Cross Site Scripting Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities