Test Kennung:	1.3.6.1.4.1.25623.1.0.803990
Kategorie:	Web application abuses
Titel:	TYPO3 Multiple Vulnerabilities Oct09
Zusammenfassung:	This host is installed with TYPO3 and is prone to multiple vulnerabilities.
Beschreibung:	Summary: This host is installed with TYPO3 and is prone to multiple vulnerabilities. Vulnerability Insight: Multiple errors exist in the application: - Multiple errors in Backend subcomponent, which fails to validate user supplied input properly. - An error exists in Frontend Editing, which fails to sanitize URL parameters properly. - An error exists in API function t3lib_div::quoteJSvalue, which fails to validate user supplied input properly. - Multiple errors exist in Install Tool, which allows login with know md5 hash of Install Tool password. Vulnerability Impact: Successful exploitation will allow remote attackers to steal the victim's cookie-based authentication credentials or execute arbitrary code. Affected Software/OS: TYPO3 versions 4.0.13 and below, 4.1.0 to 4.1.12, 4.2.0 to 4.2.9 and 4.3.0beta1 Solution: Upgrade to TYPO3 version 4.1.13, 4.2.10, 4.3beta2 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C
Querverweis:	BugTraq ID: 36801 Common Vulnerability Exposure (CVE) ID: CVE-2009-3628 http://www.securityfocus.com/bid/36801 http://marc.info/?l=oss-security&m=125632856206736&w=2 http://secunia.com/advisories/37122 http://www.vupen.com/english/advisories/2009/3009 XForce ISS Database: typo3-ttcontent-info-disclosure(53917) https://exchange.xforce.ibmcloud.com/vulnerabilities/53917 Common Vulnerability Exposure (CVE) ID: CVE-2009-3629 http://marc.info/?l=oss-security&m=125633199111438&w=2 XForce ISS Database: typo3-backend-xss(53918) https://exchange.xforce.ibmcloud.com/vulnerabilities/53918 Common Vulnerability Exposure (CVE) ID: CVE-2009-3630 XForce ISS Database: typo3-url-hijacking(53920) https://exchange.xforce.ibmcloud.com/vulnerabilities/53920 Common Vulnerability Exposure (CVE) ID: CVE-2009-3631 XForce ISS Database: typo3-uploads-command-execution(53923) https://exchange.xforce.ibmcloud.com/vulnerabilities/53923 Common Vulnerability Exposure (CVE) ID: CVE-2009-3632 XForce ISS Database: typo3-editing-sql-injection(53924) https://exchange.xforce.ibmcloud.com/vulnerabilities/53924 Common Vulnerability Exposure (CVE) ID: CVE-2009-3633 XForce ISS Database: typo3-t3libdivquotejsvalue-xss(53925) https://exchange.xforce.ibmcloud.com/vulnerabilities/53925 Common Vulnerability Exposure (CVE) ID: CVE-2009-3635 XForce ISS Database: typo3-installtool-auth-bypass(53928) https://exchange.xforce.ibmcloud.com/vulnerabilities/53928 Common Vulnerability Exposure (CVE) ID: CVE-2009-3636 XForce ISS Database: typo3-installtool-xss(53929) https://exchange.xforce.ibmcloud.com/vulnerabilities/53929
Copyright	Copyright (C) 2013 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.