Multiple vulnerabilities in TYPO3 Core

Overview :
Multiple flaws were discovered in TYPO3 Core.
Affected Product(s) :
  • TYPO3 versions 4.1.13 and below, 4.2.12 and below, 4.3.3 and below, 4.4
Vulnerability Details :
CVE ID : CVE-2010-3669
Vulnerability Type: Open Redirection, Cross-Site Scripting

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C

Problem Description: Because it fails to sanitize user input, the frontend login box is susceptible to Open Redirection and Cross-Site Scripting.

Solution: Update to the TYPO3 versions 4.2.13, 4.3.4 or 4.4.1 that fix the problem described. Versions 4.1.x are not affected due to the lack of the felogin system extension.

CVE ID : CVE-2010-3668
Vulnerability Type: Header Injection

Severity: Low/High (depending on the PHP version used)

Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C

Problem Description: Because it fails to sanitize user input, the secure download feature (jumpurl) of TYPO3 is susceptible to header injection / manipulation.

Note: As of PHP versions 4.4.2 or higher and 5.1.2 or higher, it is no longer possible to send more than one header at once. This mitigates the impact of this vulnerability, limiting it to spoofing the MIME type of the download.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3667
Vulnerability Type: Spam Abuse

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:N/E:POC/RL:OF/RC:C

Problem Description: Because it fails to check for valid parameters, the native form content element is susceptible to spam abuse. An attacker could abuse the form to send mails to arbitrary email addresses.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3666
Vulnerability Type: Insecure Randomness

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C

Problem Description: The “forgot password” function generates a hash which is verified to authenticate the password change request. Because of very low randomness while generating the hash, especially on Windows systems, brute forcing the hash value is possible in a short timeframe.

Solution: Update to the TYPO3 versions 4.3.4 or 4.4.1 that fix the problem described. Versions 4.1.x and 4.2.x are not affected due to the lack of this functionality.

CVE ID : CVE-2010-3665
Vulnerability Type: Information Disclosure / Cross-Site Scripting

Severity: Low

Suggested CVSS v2.0: AV:N/AC:H/Au:M/C:C/I:C/A:C/E:U/RL:OF/RC:C

Problem Description: Because it fails to properly validate and escape user input, the Extension Manager is susceptible to XSS. Additionally, by forging a special request parameter, it is possible to view (and edit under special conditions) the contents of every file the webserver has access to. A valid admin user login is required to exploit this vulnerability.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3664
Vulnerability Type: Information Disclosure

Severity: Low

Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C

Problem Description: If an extension with a defective backend module is installed, TYPO3 will issue an error message which reveals the complete path to the web root.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

CVE ID : CVE-2010-3663
Vulnerability Type: Insecure Randomness

Severity: Very Low

Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C

Problem Description: As a precaution against the weak randomness of PHP’s uniqid() function, the random byte generation function t3lib_div::generateRandomBytes() has been vastly improved, especially for Windows systems. In addition, TYPO3 now uses this function instead of PHP’s uniqid() to generate the session id for frontend and backend authentication.

Note: Nevertheless the probability of guessing the session id was very low even before this improvement.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.
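
The weakness of uniqid() as a source of secret values, referred to above, as an added example (not TYPO3 code; all function names are hypothetical): the value decodes back to its creation time, whereas a token drawn from the operating system CSPRNG does not. It assumes PHP 7.0 or later for random_bytes().

```php
<?php
// Added example, not TYPO3 code. Function names are hypothetical.

// uniqid() without arguments returns 13 hex characters: 8 for the Unix time
// in seconds followed by 5 for the microsecond part, so it can be decoded.
function decodeUniqid(string $id): array
{
    return [
        'seconds'      => hexdec(substr($id, 0, 8)),
        'microseconds' => hexdec(substr($id, 8, 5)),
    ];
}

// Upper bound on the unknown bits when the creation time is known to within
// $windowSeconds: only the microsecond counter remains unknown.
function uniqidEntropyBits(int $windowSeconds): float
{
    return log($windowSeconds * 1000000, 2);
}

// Replacement: 128 bits from the operating system CSPRNG.
function generateToken(int $bytes = 16): string
{
    return bin2hex(random_bytes($bytes));
}

// Constant-time comparison when verifying a submitted token.
function verifyToken(string $expected, string $submitted): bool
{
    return hash_equals($expected, $submitted);
}

$id = uniqid();
$parts = decodeUniqid($id);
printf("uniqid(): %s -> created %s + %d us\n",
    $id, gmdate('c', $parts['seconds']), $parts['microseconds']);
printf("unknown bits if creation time is known to 1 s: %.1f\n",
    uniqidEntropyBits(1));

$token = generateToken();
printf("CSPRNG token: %s (%d bits)\n", $token, strlen($token) * 4);
var_dump(verifyToken($token, $token));           // same token
var_dump(verifyToken($token, generateToken()));  // unrelated token
```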

CVE ID : CVE-2010-3662
Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

Problem Description: Because they fail to properly escape user input for a database query, some backend record editing forms are susceptible to SQL injections. This is only exploitable by an editor who has the right to edit records which have a special “where” query definition in TCA or records which use the auto suggest feature available in TYPO3 versions 4.3 or higher.

Solution: Update to the TYPO3 versions 4.1.14, 4.2.13, 4.3.4 or 4.4.1 that fix the problem described.

Solution :

Update to the TYPO3 versions specified for each CVE ID in the description above.

 
