Lucene search

MitreCVE-2009-1264

HistoryApr 07, 2009 - 11:30 p.m.

CVE-2009-1264

2009-04-0723:30:00

CWE-264

mitre

web.nvd.nist.gov

cve-2009-1264

typo3

frontend user registration

sr_feuser_register

information security

access rights

passwords

remote attack

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.

Affected configurations

Nvd

Node

typo3typo3

AND

stanislas_rollandsr_feuser_registerRange≤2.5.20

stanislas_rollandsr_feuser_registerMatch1.4

stanislas_rollandsr_feuser_registerMatch1.6

stanislas_rollandsr_feuser_registerMatch2.2.1

stanislas_rollandsr_feuser_registerMatch2.2.7

stanislas_rollandsr_feuser_registerMatch2.2.8

stanislas_rollandsr_feuser_registerMatch2.3

stanislas_rollandsr_feuser_registerMatch2.3.6

stanislas_rollandsr_feuser_registerMatch2.4

stanislas_rollandsr_feuser_registerMatch2.5

stanislas_rollandsr_feuser_registerMatch2.5.10

VendorProductVersionCPE
typo3typo3*cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register*cpe:2.3:a:stanislas_rolland:sr_feuser_register:*:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register1.4cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register1.6cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register2.2.1cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register2.2.7cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register2.2.8cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register2.3cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register2.3.6cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:*:*:*:*:*:*:*
stanislas_rollandsr_feuser_register2.4cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3	*	cpe:2.3:a:typo3:typo3::::::::
stanislas_rolland	sr_feuser_register	*	cpe:2.3:a:stanislas_rolland:sr_feuser_register::::::::
stanislas_rolland	sr_feuser_register	1.4	cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:::::::*
stanislas_rolland	sr_feuser_register	1.6	cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:::::::*
stanislas_rolland	sr_feuser_register	2.2.1	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:::::::*
stanislas_rolland	sr_feuser_register	2.2.7	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:::::::*
stanislas_rolland	sr_feuser_register	2.2.8	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:::::::*
stanislas_rolland	sr_feuser_register	2.3	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:::::::*
stanislas_rolland	sr_feuser_register	2.3.6	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:::::::*
stanislas_rolland	sr_feuser_register	2.4	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:::::::*

Rows per page:

1-10 of 121

References

osvdb.org/53278

secunia.com/advisories/34586

typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/

typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/

www.securityfocus.com/bid/34374

www.vupen.com/english/advisories/2009/0938

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

Confidence

Low

EPSS

0.002

Percentile

56.7%

JSON

Related for CVE-2009-1264