Web application abuses : TYPO3 < 4.0 Path/Information Disclosure Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803981

Categoría: Web application abuses

Título: TYPO3 < 4.0 Path/Information Disclosure Vulnerability

Resumen: TYPO3 is prone to path/information disclosure vulnerability.

Descripción: Summary:
TYPO3 is prone to path/information disclosure vulnerability.

Vulnerability Insight:
An error exists in the application which fails to properly
determine its own physical path and therefore trying to 'require()' a wrong class file.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain
full installation path to the application.

Affected Software/OS:
TYPO3 version 3.7.1 and prior.

Solution:
Update to version 4.0 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2006-0327
Bugtraq: 20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager (Google Search)
http://www.securityfocus.com/archive/1/422360/100/0/threaded
Bugtraq: 20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager (Google Search)
http://www.securityfocus.com/archive/1/422390/100/0/threaded
http://bugs.typo3.org/view.php?id=2248
http://www.irmplc.com/advisory015.htm
http://www.osvdb.org/22665
http://www.osvdb.org/22666
http://www.osvdb.org/22667
http://secunia.com/advisories/18546
http://securityreason.com/securityalert/361
http://www.vupen.com/english/advisories/2006/0269
XForce ISS Database: typo3-multiple-path-disclosure(24244)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24244

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803981
Categoría:	Web application abuses
Título:	TYPO3 < 4.0 Path/Information Disclosure Vulnerability
Resumen:	TYPO3 is prone to path/information disclosure vulnerability.
Descripción:	Summary: TYPO3 is prone to path/information disclosure vulnerability. Vulnerability Insight: An error exists in the application which fails to properly determine its own physical path and therefore trying to 'require()' a wrong class file. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain full installation path to the application. Affected Software/OS: TYPO3 version 3.7.1 and prior. Solution: Update to version 4.0 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2006-0327 Bugtraq: 20060119 IRM 015: File system path disclosure on TYPO3 Web Content Manager (Google Search) http://www.securityfocus.com/archive/1/422360/100/0/threaded Bugtraq: 20060119 Re: IRM 015: File system path disclosure on TYPO3 Web Content Manager (Google Search) http://www.securityfocus.com/archive/1/422390/100/0/threaded http://bugs.typo3.org/view.php?id=2248 http://www.irmplc.com/advisory015.htm http://www.osvdb.org/22665 http://www.osvdb.org/22666 http://www.osvdb.org/22667 http://secunia.com/advisories/18546 http://securityreason.com/securityalert/361 http://www.vupen.com/english/advisories/2006/0269 XForce ISS Database: typo3-multiple-path-disclosure(24244) https://exchange.xforce.ibmcloud.com/vulnerabilities/24244
Copyright	Copyright (C) 2013 Greenbone AG