TYPO3 Multiple Vulnerabilities Jul13 Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to multiple vulnerabilities.

Impact

Successful exploitation will allow remote attackers to get sensitive information or execute arbitary scripts. Impact Level: Application

Solution

Upgrade to TYPO3 version 4.3.4, 4.4.1 or later, For updates refer to, http://typo3.org/

Insight

Multiple error exists in the application, - An error exist in frontend login, which has very low randomness while generating the hash. - An error exist in the FLUID Templating Engine, which fails to escape the output.

Affected

TYPO3 version 4.3.4 below and 4.4.0

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/66867
http://osvdb.org/66869
http://secunia.com/advisories/40742
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache Tomcat HTTP BIO Connector Information Disclosure Vulnerability
/cgi-bin directory browsable ?
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities
An Image Gallery Directory Traversal Vulnerability

Take action and discover your vulnerabilities