Web application abuses : TYPO3 Multiple Vulnerabilities (Jan 2009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.803988

Categoría: Web application abuses

Título: TYPO3 Multiple Vulnerabilities (Jan 2009)

Resumen: TYPO3 is prone to multiple vulnerabilities.

Descripción: Summary:
TYPO3 is prone to multiple vulnerabilities.

Vulnerability Insight:
Multiple errors exist in the application:
- An error exists in Indexed Search Engine system extension which fails to
validate user-supplied input properly.
- An error exists in session tokens, which is caused by the improper validation.
- An error exists in Workspace module which fails to validate user-supplied
input properly.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code or steal the victim's cookie-based authentication credentials.

Affected Software/OS:
TYPO3 versions 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 to 4.2.3

Solution:
Upgrade to TYPO3 version 4.0.10, 4.1.8, 4.2.4 or later.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0255
BugTraq ID: 33376
http://www.securityfocus.com/bid/33376
Debian Security Information: DSA-1711 (Google Search)
http://www.debian.org/security/2009/dsa-1711
http://secunia.com/advisories/33617
http://secunia.com/advisories/33679
XForce ISS Database: typo3-installtool-weak-security(48132)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132
Common Vulnerability Exposure (CVE) ID: CVE-2009-0256
XForce ISS Database: typo3-library-session-hijacking(48133)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
Common Vulnerability Exposure (CVE) ID: CVE-2009-0257
XForce ISS Database: typo3-adodb-xss(48137)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48137
XForce ISS Database: typo3-indexedsearchengine-xss(48135)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48135
XForce ISS Database: typo3-workspace-xss(48136)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48136
Common Vulnerability Exposure (CVE) ID: CVE-2009-0258
http://www.openwall.com/lists/oss-security/2009/01/23/4
XForce ISS Database: typo3-indexedsearch-command-execution(48138)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48138

Copyright Copyright (C) 2013 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.803988
Categoría:	Web application abuses
Título:	TYPO3 Multiple Vulnerabilities (Jan 2009)
Resumen:	TYPO3 is prone to multiple vulnerabilities.
Descripción:	Summary: TYPO3 is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist in the application: - An error exists in Indexed Search Engine system extension which fails to validate user-supplied input properly. - An error exists in session tokens, which is caused by the improper validation. - An error exists in Workspace module which fails to validate user-supplied input properly. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary code or steal the victim's cookie-based authentication credentials. Affected Software/OS: TYPO3 versions 4.0.0 to 4.0.9, 4.1.0 to 4.1.7, 4.2.0 to 4.2.3 Solution: Upgrade to TYPO3 version 4.0.10, 4.1.8, 4.2.4 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0255 BugTraq ID: 33376 http://www.securityfocus.com/bid/33376 Debian Security Information: DSA-1711 (Google Search) http://www.debian.org/security/2009/dsa-1711 http://secunia.com/advisories/33617 http://secunia.com/advisories/33679 XForce ISS Database: typo3-installtool-weak-security(48132) https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 Common Vulnerability Exposure (CVE) ID: CVE-2009-0256 XForce ISS Database: typo3-library-session-hijacking(48133) https://exchange.xforce.ibmcloud.com/vulnerabilities/48133 Common Vulnerability Exposure (CVE) ID: CVE-2009-0257 XForce ISS Database: typo3-adodb-xss(48137) https://exchange.xforce.ibmcloud.com/vulnerabilities/48137 XForce ISS Database: typo3-indexedsearchengine-xss(48135) https://exchange.xforce.ibmcloud.com/vulnerabilities/48135 XForce ISS Database: typo3-workspace-xss(48136) https://exchange.xforce.ibmcloud.com/vulnerabilities/48136 Common Vulnerability Exposure (CVE) ID: CVE-2009-0258 http://www.openwall.com/lists/oss-security/2009/01/23/4 XForce ISS Database: typo3-indexedsearch-command-execution(48138) https://exchange.xforce.ibmcloud.com/vulnerabilities/48138
Copyright	Copyright (C) 2013 Greenbone AG