Lucene search
MitreCVE-2009-0815HistoryMar 05, 2009 - 2:30 a.m.
CVE-2009-0815
2009-03-0502:30:00
CWE-200
mitre
web.nvd.nist.gov
35
cve-2009-0815
typo3
class.tslib_fe.php
security vulnerability
remote code execution
nvd
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.184
Percentile
96.3%
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Affected configurations
Node
typo3typo3Match3.3.x
ORtypo3typo3Match3.5.x
ORtypo3typo3Match3.6.x
ORtypo3typo3Match3.7.x
ORtypo3typo3Match3.8.x
ORtypo3typo3Match4.0
ORtypo3typo3Match4.1
ORtypo3typo3Match4.1.0
ORtypo3typo3Match4.1.2
ORtypo3typo3Match4.1.3
ORtypo3typo3Match4.1.4
ORtypo3typo3Match4.1.5
ORtypo3typo3Match4.1.6
ORtypo3typo3Match4.1.7
ORtypo3typo3Match4.1.8
ORtypo3typo3Match4.1.9
ORtypo3typo3Match4.2
ORtypo3typo3Match4.2.0
ORtypo3typo3Match4.2.1
ORtypo3typo3Match4.2.2
ORtypo3typo3Match4.2.3
ORtypo3typo3Match4.2.4
ORtypo3typo3Match4.2.5
ORtypo3typo3Match4.3alpha1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | 3.3.x | cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.5.x | cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.6.x | cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.7.x | cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.8.x | cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0 | cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.1 | cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.1.0 | cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.1.2 | cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.1.3 | cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:* |
Related
metasploit
metasploit
Typo3 sa-2009-002 File Disclosure
2009-03-15 02:32:34
prion
prion
Cross site request forgery (csrf)
2009-03-05 02:30:00
cvelist
cvelist
CVE-2009-0815
2009-03-05 02:00:00
nvd
nvd
CVE-2009-0815
2009-03-05 02:30:00
nessus
nessus
TYPO3 'jumpUrl' Mechanism Information Disclosure
2009-02-12 00:00:00
Debian DSA-1720-1 : typo3-src - several vulnerabilities
2009-02-12 00:00:00
packetstorm
packetstorm
Typo3 Sa-2009-002 File Disclosure
2024-08-31 00:00:00
dsquare
dsquare
Typo3 FD
2012-01-26 00:00:00
exploitdb
exploitdb
TYPO3 < 4.0.12/4.1.10/4.2.6 - 'jumpUrl' Remote File Disclosure
2009-02-10 00:00:00
freebsd
freebsd
typo3 -- cross-site scripting and information disclosure
2009-02-10 00:00:00
openvas
openvas
FreeBSD Ports: typo3
2009-02-13 00:00:00
TYPO3 jumpUrl File Disclosure Vulnerability (TYPO3-SA-2009-002)
2013-12-26 00:00:00
Debian Security Advisory DSA 1720-1 (typo3-src)
2009-02-13 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.6
Confidence
Low
EPSS
0.184
Percentile
96.3%
Related for CVE-2009-0815