| CVE ID : |
CVE-2010-3669 |
|
Vulnerability Type: Open Redirection, Cross-Site Scripting
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C (What’s that?)
Problem Description: Failing to sanitize user input the frontend login box is susceptible to Open Redirection and Cross-Site scripting.
Solution: Update to the TYPO3 versions 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. Versions 4.1.x are not affected due to the lack of the felogin system extension. |
| CVE ID : |
CVE-2010-3668 |
|
Vulnerability Type: Header Injection
Severity: Low/High (depending on the PHP version used)
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C (What’s that?)
Problem Description: Failing to sanitize user input, secure download feature (jumpurl) of TYPO3 is susceptible to header injection / manipulation.
Note: Since PHP versions 4.4.2 or higher and 5.1.2 or higher it is no longer possible to send more than one header at once. This mitigates the impact of this vulnerability, making it only possible to spoof the mime type of the download.
Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. |
| CVE ID : |
CVE-2010-3667 |
|
Vulnerability Type: Spam Abuse
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:N/E:POC/RL:OF/RC:C (What’s that?)
Problem Description: Failing to check the for valid parameters, the native form content element is susceptible to spam abuse. An attacker could abuse the form to send mails to arbitrary email addresses.
Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. |
| CVE ID : |
CVE-2010-3666 |
|
Vulnerability Type: Insecure Randomness
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)
Problem Description: The “forgot password” function generates a hash which is verified to authenticate the password change request. Because of very low randomness while generating the hash, especially on Windows systems, brute forcing the hash value is possible in a short timeframe.
Solution: Update to the TYPO3 versions 4.3.4 or 4.4.1 that fix the problem described. Versions 4.1.x and 4.2.x are not affected due to the lack of this functionality. |
| CVE ID : |
CVE-2010-3665 |
|
Vulnerability Type: Information Disclosure/ Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:M/C:C/I:C/A:C/E:U/RL:OF/RC:C (What’s that?)
Problem Description: Failing to properly validate and escape user input, the Extension Manager is susceptible to XSS. Additionally by forging a special request parameter it is possible to view (and edit under special conditions) the contents of every file the webserver has access to. A valid admin user login is requred to exploit this vulnerability.
Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. |
| CVE ID : |
CVE-2010-3664 |
|
Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C (What’s that?)
Problem Description: If an extension with a defective backend module is installed, TYPO3 will issue a error message which reveals the complete path to the web root.
Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. |
| CVE ID : |
CVE-2010-3663 |
|
Vulnerability Type: Insecure Randomness
Severity: Very Low
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)
Problem Description: As a precaution to PHP’s weak randomness in the uniqid() function, the random byte generation function t3lib_div::generateRandomBytes() has been vastly improved, especially for Windows systems. In addition TYPO3 now uses this function to generate a session id for frontend and backend authentication instead of PHP’s uniqid().
Note: Nevertheless the probability of guessing the session id was very low even before this improvement.
Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. |
| CVE ID : |
CVE-2010-3662 |
|
Vulnerability Type: SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C (What’s that?)
Problem Description: Failing to properly escape user input for a database query, some backend record editing forms are susceptible to SQL injections. This is only exploitable by an editor who have the right to edit records which have a special “where” query definition in TCA or records which use the auto suggest feature available in TYPO3 versions 4.3 or higher.
Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. |
