Test ID: | 1.3.6.1.4.1.25623.1.0.804201 |
Category: | Web application abuses |
Title: | TYPO3 Multiple Vulnerabilities (Aug 2012) |
Summary: | TYPO3 is prone to multiple vulnerabilities. |
Description: |
Summary: TYPO3 is prone to multiple vulnerabilities.

Vulnerability Insight: Multiple errors exist in the application:
- The backend help system is missing a signature (HMAC) for a parameter in the view_help.php file.
- The application fails to HTML-encode user input in several places.
- The TYPO3 backend exposes the encryption key when the configuration module is accessed.
- The API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections.
- The Install Tool fails to sanitize user input properly.

Vulnerability Impact: Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials or get sensitive information.

Affected Software/OS: TYPO3 version 4.5.0 up to 4.5.18, 4.6.0 up to 4.6.11, 4.7.0 up to 4.7.3

Solution: Upgrade to TYPO3 version 4.5.19, 4.6.12, 4.7.4 or later.

CVSS Score: 4.6
CVSS Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-3527
- Debian Security Information: DSA-2537
- http://www.debian.org/security/2012/dsa-2537
- http://www.openwall.com/lists/oss-security/2012/08/22/8
- http://osvdb.org/84773
- http://secunia.com/advisories/50287
- XForce ISS Database: typo3-viewhelp-code-exec(77791)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77791

Common Vulnerability Exposure (CVE) ID: CVE-2012-3528
- http://osvdb.org/84771
- XForce ISS Database: typo3-backend-unspec-xss(77792)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77792

Common Vulnerability Exposure (CVE) ID: CVE-2012-3529
- http://osvdb.org/84775
- XForce ISS Database: typo3-config-module-info-disc(77793)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77793

Common Vulnerability Exposure (CVE) ID: CVE-2012-3530
- http://osvdb.org/84772
- XForce ISS Database: typo3-html5-xss(77794)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77794

Common Vulnerability Exposure (CVE) ID: CVE-2012-3531
- XForce ISS Database: typo3-installtool-unspecified-xss(78888)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78888 |
Copyright | Copyright (C) 2014 Greenbone AG |