Multiple vulnerabilities in TYPO3 Core

Overview :
Multiple flaws was discovered in TYPO3 Core
Affected Product(s) :
  • TYPO3 versions 4.1.13 and below, 4.2.12 and below, 4.3.3 and below, 4.4
Vulnerability Details :
CVE ID : CVE-2010-3669
Vulnerability Type: Open Redirection, Cross-Site Scripting

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C (What’s that?)

Problem Description: Failing to sanitize user input the frontend login box is susceptible to Open Redirection and Cross-Site scripting.

Solution: Update to the TYPO3 versions 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. Versions 4.1.x are not affected due to the lack of the felogin system extension.

CVE ID : CVE-2010-3668
Vulnerability Type: Header Injection

Severity: Low/High (depending on the PHP version used)

Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C (What’s that?)

Problem Description: Failing to sanitize user input, secure download feature (jumpurl) of TYPO3 is susceptible to header injection / manipulation.

Note: Since PHP versions 4.4.2 or higher and 5.1.2 or higher it is no longer possible to send more than one header at once. This mitigates the impact of this vulnerability, making it only possible to spoof the mime type of the download.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3667
Vulnerability Type: Spam Abuse

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:N/E:POC/RL:OF/RC:C (What’s that?)

Problem Description: Failing to check the for valid parameters, the native form content element is susceptible to spam abuse. An attacker could abuse the form to send mails to arbitrary email addresses.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3666
Vulnerability Type: Insecure Randomness

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Problem Description: The “forgot password” function generates a hash which is verified to authenticate the password change request. Because of very low randomness while generating the hash, especially on Windows systems, brute forcing the hash value is possible in a short timeframe.

Solution: Update to the TYPO3 versions 4.3.4 or 4.4.1 that fix the problem described. Versions 4.1.x and 4.2.x are not affected due to the lack of this functionality.

CVE ID : CVE-2010-3665
Vulnerability Type: Information Disclosure/ Cross-Site Scripting

Severity: Low

Suggested CVSS v2.0: AV:N/AC:H/Au:M/C:C/I:C/A:C/E:U/RL:OF/RC:C (What’s that?)

Problem Description: Failing to properly validate and escape user input, the Extension Manager is susceptible to XSS. Additionally by forging a special request parameter it is possible to view (and edit under special conditions) the contents of every file the webserver has access to. A valid admin user login is requred to exploit this vulnerability.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3664
Vulnerability Type: Information Disclosure

Severity: Low

Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C (What’s that?)

Problem Description: If an extension with a defective backend module is installed, TYPO3 will issue a error message which reveals the complete path to the web root.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3663
Vulnerability Type: Insecure Randomness

Severity: Very Low

Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Problem Description: As a precaution to PHP’s weak randomness in the uniqid() function, the random byte generation function t3lib_div::generateRandomBytes() has been vastly improved, especially for Windows systems. In addition TYPO3 now uses this function to generate a session id for frontend and backend authentication instead of PHP’s uniqid().

Note: Nevertheless the probability of guessing the session id was very low even before this improvement.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3662
Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C (What’s that?)

Problem Description: Failing to properly escape user input for a database query, some backend record editing forms are susceptible to SQL injections. This is only exploitable by an editor who have the right to edit records which have a special “where” query definition in TCA or records which use the auto suggest feature available in TYPO3 versions 4.3 or higher.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

Solution :

Update to the TYPO3 versions specified for each CVE ID‘s  in the description above

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2024-9632 : X.ORG X SERVER UP TO 21.1.13 BITMAP_XKBSETCOMPATMAP SYM_INTERPRET HEAP-BASED OVERFLOW

CVE-2024-9632 : X.ORG X SERVER UP TO 21.1.13 BITMAP_XKBSETCOMPATMAP SYM_INTERPRET HEAP-BASED OVERFLOW

Description A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker

CVE-2024-51568 : PSAUX CYBERPANEL UP TO 2.3.4 FILE MANAGER /FILEMANAGER/UPLOAD PROCESSUTILITIES.OUTPUTEXECUTIONER OS COMMAND INJECTION

CVE-2024-51568 : PSAUX CYBERPANEL UP TO 2.3.4 FILE MANAGER /FILEMANAGER/UPLOAD PROCESSUTILITIES.OUTPUTEXECUTIONER OS COMMAND INJECTION

Description CyberPanel (aka Cyber Panel) before 2.3.5 allows Command Injection via completePath in the ProcessUtilities.outputExecutioner() sink. There is /filemanager/upload (aka

CVE-2024-8923 : SERVICENOW NOW PLATFORM IMPROPER AUTHENTICATION

CVE-2024-8923 : SERVICENOW NOW PLATFORM IMPROPER AUTHENTICATION

Description ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an