ID CVE-2009-0816 Type cve Reporter cve@mitre.org Modified 2010-04-27T05:49:00
Description
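Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. Every scanner and advisory record below lists this CVE together with CVE-2009-0815 (the jumpUrl hash-secret disclosure), and the CVSS vector those records carry (AV:N/AC:L/Au:N/C:P/I:N/A:N) records a confidentiality impact only, so it should not be read as a rating of the XSS issue on its own. The checks shown are package-version comparisons (Debian etch 4.0.2+debian-8, FreeBSD typo3 4.2.6) plus one active test of the jumpUrl file disclosure; none of them probes the backend XSS directly, so a clean result from the active test says nothing about this CVE.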
{"openvas": [{"lastseen": "2017-07-24T12:56:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "description": "The remote host is missing an update to typo3-src\nannounced via advisory DSA 1720-1.", "modified": "2017-07-07T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:63393", "href": "http://plugins.openvas.org/nasl.php?oid=63393", "type": "openvas", "title": "Debian Security Advisory DSA 1720-1 (typo3-src)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1720_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1720-1 (typo3-src)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework.\n\nMarcus Krause and Michael Stucki from the TYPO3 security team\ndiscovered that the jumpUrl mechanism discloses secret hashes enabling\na remote attacker to bypass access control by submitting the correct\nvalue as a URL parameter and thus being able to read the content of\narbitrary files.\n\nJelmer de Hen and Dmitry Dulepov discovered multiple cross-site\nscripting vulnerabilities in the backend user interface allowing\nremote attackers to inject arbitrary web script or HTML.\n\nAs it is very likely that your encryption key has been exposed we\nstrongly recommend to change your encyption key via the install tool\nafter installing the update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 4.0.2+debian-8.\n\nFor the testing distribution (lenny) these problems have been fixed in\nversion 4.2.5-1+lenny1.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 4.2.6-1.\n\nWe recommend that you upgrade your typo3 package.\";\ntag_summary = \"The remote host is missing an update to typo3-src\nannounced via advisory DSA 1720-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201720-1\";\n\n\nif(description)\n{\n script_id(63393);\n script_cve_id(\"CVE-2009-0815\",\"CVE-2009-0816\");\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", 
value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1720-1 (typo3-src)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"typo3-src-4.0\", ver:\"4.0.2+debian-8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"typo3\", ver:\"4.0.2+debian-8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:39:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "description": "The remote host is missing an update to typo3-src\nannounced via advisory DSA 1720-1.", "modified": "2018-04-06T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:136141256231063393", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063393", "type": "openvas", "title": "Debian Security Advisory DSA 1720-1 (typo3-src)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1720_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1720-1 (typo3-src)\n#\n# Authors:\n# Thomas Reinke 
<reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework.\n\nMarcus Krause and Michael Stucki from the TYPO3 security team\ndiscovered that the jumpUrl mechanism discloses secret hashes enabling\na remote attacker to bypass access control by submitting the correct\nvalue as a URL parameter and thus being able to read the content of\narbitrary files.\n\nJelmer de Hen and Dmitry Dulepov discovered multiple cross-site\nscripting vulnerabilities in the backend user interface allowing\nremote attackers to inject arbitrary web script or HTML.\n\nAs it is very likely that your encryption key has been exposed we\nstrongly recommend to change your encyption key via the install tool\nafter installing the update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 4.0.2+debian-8.\n\nFor the testing distribution (lenny) these problems have been fixed in\nversion 4.2.5-1+lenny1.\n\nFor the unstable distribution (sid) these problems 
have been fixed in\nversion 4.2.6-1.\n\nWe recommend that you upgrade your typo3 package.\";\ntag_summary = \"The remote host is missing an update to typo3-src\nannounced via advisory DSA 1720-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201720-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63393\");\n script_cve_id(\"CVE-2009-0815\",\"CVE-2009-0816\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_name(\"Debian Security Advisory DSA 1720-1 (typo3-src)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"typo3-src-4.0\", ver:\"4.0.2+debian-8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"typo3\", ver:\"4.0.2+debian-8\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-04-06T11:37:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2018-04-06T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:136141256231063356", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063356", "type": "openvas", "title": "FreeBSD Ports: typo3", "sourceData": "#\n#VID cc47fafe-f823-11dd-94d9-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID cc47fafe-f823-11dd-94d9-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: typo3\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/33829/\nhttp://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/\nhttp://www.vuxml.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63356\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2009-0815\", \"CVE-2009-0816\");\n script_name(\"FreeBSD Ports: typo3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"typo3\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.2.6\")<0) {\n txt += 'Package typo3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:37:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "description": "This host is installed with TYPO3 and is prone to multiple vulnerabilities.", "modified": "2019-03-12T00:00:00", "published": "2013-12-26T00:00:00", "id": "OPENVAS:1361412562310803989", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803989", "type": "openvas", "title": "TYPO3 jumpUrl File Disclosure Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_typo3_jumpurl_file_disclosure_vuln.nasl 14117 2019-03-12 14:02:42Z cfischer $\n#\n# TYPO3 jumpUrl File Disclosure Vulnerability\n#\n# Authors:\n# Shashi Kiran N <nskiran@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2013 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or 
any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:typo3:typo3\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803989\");\n script_version(\"$Revision: 14117 $\");\n script_cve_id(\"CVE-2009-0815\", \"CVE-2009-0816\");\n script_bugtraq_id(33714);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 15:02:42 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-12-26 17:48:31 +0530 (Thu, 26 Dec 2013)\");\n script_name(\"TYPO3 jumpUrl File Disclosure Vulnerability\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to steal the\n victim's cookie-based authentication credentials or access arbitrary file.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a Crafted HTTP GET request and check whether it is able to fetch a\n remote file.\");\n\n script_tag(name:\"insight\", value:\"Multiple error exists in the application,\n\n - An error exist in jumpUrl mechanism, which will disclose a hash secret.\n\n - An error exist in backend user interface, which fails to validate user\n supplied input properly.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to TYPO3 version 4.0.12, 4.1.10, 4.2.6 or later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_tag(name:\"summary\", value:\"This host is installed with TYPO3 and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"affected\", value:\"TYPO3 versions 3.3.x, 3.5.x, 3.6.x, 3.7.x, 3.8.x, 4.0 to 4.0.11,\n 4.1.0 to 4.1.9, 4.2.0 to 4.2.5, 4.3alpha1\");\n\n script_xref(name:\"URL\", value:\"http://www.securitytracker.com/id?1021710\");\n script_xref(name:\"URL\", value:\"http://typo3.org/teams/security/security-bulletins/typo3-core/TYPO3-SA-2009-002/\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (C) 2013 Greenbone Networks GmbH\");\n script_dependencies(\"gb_typo3_detect.nasl\");\n script_mandatory_keys(\"TYPO3/installed\");\n script_require_ports(\"Services/www\", 80);\n exit(0);\n}\n\ninclude(\"url_func.inc\");\ninclude(\"http_func.inc\");\n\ninclude(\"host_details.inc\");\n\nif(!typoPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(typoLoca = get_app_location(cpe:CPE, port:typoPort))\n{\n url = \"/?jumpurl=\" + urlencode(str:\"typo3conf/localconf.php\")+\n \"&type=0&juSecure=1&locationData=\"+ urlencode(str:\"2:\");\n\n sndReq = http_get(item:string(typoLoca, url), port:typoPort);\n rcvRes = http_send_recv(port:typoPort, data:sndReq);\n\n hash = eregmatch(pattern:\"jumpurl Secure: Calculated juHash, ([a-z0-9]+), did not match\" , string:rcvRes);\n\n if(hash[1])\n {\n hashURL = url + \"&juHash=\" + hash[1];\n\n sndReq = http_get(item:string(typoLoca, hashURL), port:typoPort);\n rcvRes = http_send_recv(port:typoPort, data:sndReq);\n\n if(rcvRes && rcvRes =~ \"HTTP/1.. 
200\" && \"$typo_db\" >< rcvRes &&\n \"$typo_db_username\" >< rcvRes)\n {\n security_message(typoPort);\n exit(0);\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-02T21:13:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-12-28T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:63356", "href": "http://plugins.openvas.org/nasl.php?oid=63356", "type": "openvas", "title": "FreeBSD Ports: typo3", "sourceData": "#\n#VID cc47fafe-f823-11dd-94d9-0030843d3802\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID cc47fafe-f823-11dd-94d9-0030843d3802\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: typo3\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://secunia.com/advisories/33829/\nhttp://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/\nhttp://www.vuxml.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(63356);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2009-0815\", \"CVE-2009-0816\");\n script_name(\"FreeBSD Ports: typo3\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"typo3\");\nif(!isnull(bver) && revcomp(a:bver, b:\"4.2.6\")<0) {\n txt += 'Package typo3 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:17", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in Typo3, which can be\n\t exploited by malicious people to conduct cross-site scripting attacks\n\t and disclose sensitive information.\nInput passed via unspecified fields to the backend user interface\n\t is not properly sanitised before being returned to the user. 
This can\n\t be exploited to execute arbitrary HTML and script code in a user's\n\t browser session in context of an affected site.\nAn error in the \"jumpUrl\" mechanism can be exploited to read\n\t arbitrary files from local resources by disclosing a hash secret used\n\t to restrict file access.\n\n", "edition": 4, "modified": "2010-05-02T00:00:00", "published": "2009-02-10T00:00:00", "id": "CC47FAFE-F823-11DD-94D9-0030843D3802", "href": "https://vuxml.freebsd.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html", "title": "typo3 -- cross-site scripting and information disclosure", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-06T09:45:17", "description": "Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework.\n\nMarcus Krause and Michael Stucki from the TYPO3 security team\ndiscovered that the jumpUrl mechanism discloses secret hashes enabling\na remote attacker to bypass access control by submitting the correct\nvalue as a URL parameter and thus being able to read the content of\narbitrary files.\n\nJelmer de Hen and Dmitry Dulepov discovered multiple cross-site\nscripting vulnerabilities in the backend user interface allowing\nremote attackers to inject arbitrary web script or HTML.\n\nAs it is very likely that your encryption key has been exposed we\nstrongly recommend to change your encryption key via the install tool\nafter installing the update.", "edition": 30, "published": "2009-02-12T00:00:00", "title": "Debian DSA-1720-1 : typo3-src - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "modified": "2009-02-12T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:typo3-src"], "id": "DEBIAN_DSA-1720.NASL", "href": "https://www.tenable.com/plugins/nessus/35638", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1720. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35638);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2009-0815\", \"CVE-2009-0816\");\n script_xref(name:\"DSA\", value:\"1720\");\n\n script_name(english:\"Debian DSA-1720-1 : typo3-src - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several remote vulnerabilities have been discovered in the TYPO3 web\ncontent management framework.\n\nMarcus Krause and Michael Stucki from the TYPO3 security team\ndiscovered that the jumpUrl mechanism discloses secret hashes enabling\na remote attacker to bypass access control by submitting the correct\nvalue as a URL parameter and thus being able to read the content of\narbitrary files.\n\nJelmer de Hen and Dmitry Dulepov discovered multiple cross-site\nscripting vulnerabilities in the backend user interface allowing\nremote attackers to inject arbitrary web script or HTML.\n\nAs it is very likely that your encryption key has been exposed we\nstrongly recommend to change your encryption key via the install tool\nafter installing the update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1720\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the typo3 package.\n\nFor the stable 
distribution (etch) these problems have been fixed in\nversion 4.0.2+debian-8.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Typo3 FD\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:typo3-src\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/03/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"typo3\", reference:\"4.0.2+debian-8\")) flag++;\nif (deb_check(release:\"4.0\", prefix:\"typo3-src-4.0\", reference:\"4.0.2+debian-8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:50:06", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in Typo3, which can be\nexploited by malicious people to conduct cross-site scripting attacks\nand disclose sensitive information.\n\nInput passed via unspecified fields to the backend user interface is\nnot properly sanitised before being returned to the user. 
This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in context of an affected site.\n\nAn error in the 'jumpUrl' mechanism can be exploited to read arbitrary\nfiles from local resources by disclosing a hash secret used to\nrestrict file access.", "edition": 30, "published": "2009-02-12T00:00:00", "title": "FreeBSD : typo3 -- XSS and information disclosure (cc47fafe-f823-11dd-94d9-0030843d3802)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0816", "CVE-2009-0815"], "modified": "2009-02-12T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:typo3"], "id": "FREEBSD_PKG_CC47FAFEF82311DD94D90030843D3802.NASL", "href": "https://www.tenable.com/plugins/nessus/35641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2019 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35641);\n script_version(\"1.23\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2009-0815\", \"CVE-2009-0816\");\n script_xref(name:\"Secunia\", value:\"33829\");\n\n script_name(english:\"FreeBSD : typo3 -- XSS and information disclosure (cc47fafe-f823-11dd-94d9-0030843d3802)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nSome vulnerabilities have been reported in Typo3, which can be\nexploited by malicious people to conduct cross-site scripting attacks\nand disclose sensitive information.\n\nInput passed via unspecified fields to the backend user interface is\nnot properly sanitised before being returned to the user. 
This can be\nexploited to execute arbitrary HTML and script code in a user's\nbrowser session in context of an affected site.\n\nAn error in the 'jumpUrl' mechanism can be exploited to read arbitrary\nfiles from local resources by disclosing a hash secret used to\nrestrict file access.\"\n );\n # http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e6914b0f\"\n );\n # https://vuxml.freebsd.org/freebsd/cc47fafe-f823-11dd-94d9-0030843d3802.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c0497b0f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Typo3 FD\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_cwe_id(79, 200);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:typo3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/02/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"typo3<4.2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}