Lucene search
RedhatCVE-2009-3628HistoryNov 02, 2009 - 3:30 p.m.
CVE-2009-3628
2009-11-0215:30:00
CWE-200
redhat
web.nvd.nist.gov
35
cve-2009-3628
typo3
encryption key
disclosure
nvd
security vulnerability
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.002
Percentile
54.7%
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
Affected configurations
Node
typo3typo3Range≤4.0.12
ORtypo3typo3Match0.1.2
ORtypo3typo3Match1.0.14
ORtypo3typo3Match1.1
ORtypo3typo3Match1.1.1
ORtypo3typo3Match1.1.09
ORtypo3typo3Match1.1.10
ORtypo3typo3Match1.2.0
ORtypo3typo3Match1.3.0
ORtypo3typo3Match1.3.2
ORtypo3typo3Match3.0
ORtypo3typo3Match3.3.x
ORtypo3typo3Match3.5
ORtypo3typo3Match3.5.x
ORtypo3typo3Match3.6.x
ORtypo3typo3Match3.7.0
ORtypo3typo3Match3.7.1
ORtypo3typo3Match3.7.x
ORtypo3typo3Match3.8
ORtypo3typo3Match3.8.x
ORtypo3typo3Match4.0
ORtypo3typo3Match4.0.1
ORtypo3typo3Match4.0.2
ORtypo3typo3Match4.0.3
ORtypo3typo3Match4.0.4
ORtypo3typo3Match4.0.5
ORtypo3typo3Match4.0.6
ORtypo3typo3Match4.0.7
ORtypo3typo3Match4.0.8
ORtypo3typo3Match4.0.9
ORtypo3typo3Match4.0.10
ORtypo3typo3Match4.0.11
ORtypo3typo3Match4.1.0
ORtypo3typo3Match4.1.0beta1
ORtypo3typo3Match4.1.0rc1
ORtypo3typo3Match4.1.1
ORtypo3typo3Match4.1.2
ORtypo3typo3Match4.1.3
ORtypo3typo3Match4.1.4
ORtypo3typo3Match4.1.5
ORtypo3typo3Match4.1.6
ORtypo3typo3Match4.1.7
ORtypo3typo3Match4.1.8
ORtypo3typo3Match4.1.9
ORtypo3typo3Match4.1.10
ORtypo3typo3Match4.1.11
ORtypo3typo3Match4.1.12
ORtypo3typo3Match4.2.0
ORtypo3typo3Match4.2.1
ORtypo3typo3Match4.2.2
ORtypo3typo3Match4.2.3
ORtypo3typo3Match4.2.4
ORtypo3typo3Match4.2.5
ORtypo3typo3Match4.2.6
ORtypo3typo3Match4.2.7
ORtypo3typo3Match4.2.8
ORtypo3typo3Match4.2.9
ORtypo3typo3Match4.3
ORtypo3typo3Match4.3alpha1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | * | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* |
| typo3 | typo3 | 0.1.2 | cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.0.14 | cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1 | cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1.1 | cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1.09 | cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1.10 | cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.2.0 | cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.3.0 | cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.3.2 | cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:* |
Related
prion
prion
Code injection
2009-11-02 15:30:00
cvelist
cvelist
CVE-2009-3628
2009-11-02 15:00:00
github
github
TYPO3 Backend Discloses Encryption Key
2022-05-02 03:46:56
osv
osv
TYPO3 Backend Discloses Encryption Key
2022-05-02 03:46:56
typo3-src - several vulnerabilities
2009-11-04 00:00:00
nvd
nvd
CVE-2009-3628
2009-11-02 15:30:00
ubuntucve
ubuntucve
CVE-2009-3628
2009-11-02 00:00:00
openvas
openvas
TYPO3 Multiple Vulnerabilities (Oct 2009)
2013-12-27 00:00:00
Debian Security Advisory DSA 1926-1 (typo3-src)
2009-11-11 00:00:00
FreeBSD Ports: typo3
2009-11-11 00:00:00
nessus
nessus
Debian DSA-1926-1 : typo3-src - several vulnerabilities
2010-02-24 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities in TYPO3 Core
2009-10-22 00:00:00
debian
debian
[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities
2009-11-04 19:33:20
securityvulns
securityvulns
CVSS2
4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
AI Score
5.9
Confidence
Low
EPSS
0.002
Percentile
54.7%
Related for CVE-2009-3628