Lucene search

RedhatCVE-2010-5101

HistoryMay 21, 2012 - 8:55 p.m.

CVE-2010-5101

2012-05-2120:55:16

CWE-22

redhat

web.nvd.nist.gov

cve-2010-5101

typoscript

directory traversal

typo3

vulnerability

file inclusion

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

55.7%

JSON

Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the “file inclusion functionality.”

Affected configurations

Nvd

Node

typo3typo3Match4.2.0

typo3typo3Match4.2.1

typo3typo3Match4.2.2

typo3typo3Match4.2.3

typo3typo3Match4.2.4

typo3typo3Match4.2.5

typo3typo3Match4.2.6

typo3typo3Match4.2.7

typo3typo3Match4.2.8

typo3typo3Match4.2.9

typo3typo3Match4.2.10

typo3typo3Match4.2.11

typo3typo3Match4.2.12

typo3typo3Match4.2.13

typo3typo3Match4.2.14

typo3typo3Match4.2.15

typo3typo3Match4.3.0

typo3typo3Match4.3.1

typo3typo3Match4.3.2

typo3typo3Match4.3.3

typo3typo3Match4.3.4

typo3typo3Match4.3.5

typo3typo3Match4.3.6

typo3typo3Match4.3.7

typo3typo3Match4.3.8

typo3typo3Match4.4.1

typo3typo3Match4.4.2

typo3typo3Match4.4.3

typo3typo3Match4.4.4

VendorProductVersionCPE
typo3typo34.2.0cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
typo3typo34.2.1cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
typo3typo34.2.2cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
typo3typo34.2.3cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
typo3typo34.2.4cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
typo3typo34.2.5cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
typo3typo34.2.6cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
typo3typo34.2.7cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
typo3typo34.2.8cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
typo3typo34.2.9cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3	4.2.0	cpe:2.3:a:typo3:typo3:4.2.0:::::::*
typo3	typo3	4.2.1	cpe:2.3:a:typo3:typo3:4.2.1:::::::*
typo3	typo3	4.2.2	cpe:2.3:a:typo3:typo3:4.2.2:::::::*
typo3	typo3	4.2.3	cpe:2.3:a:typo3:typo3:4.2.3:::::::*
typo3	typo3	4.2.4	cpe:2.3:a:typo3:typo3:4.2.4:::::::*
typo3	typo3	4.2.5	cpe:2.3:a:typo3:typo3:4.2.5:::::::*
typo3	typo3	4.2.6	cpe:2.3:a:typo3:typo3:4.2.6:::::::*
typo3	typo3	4.2.7	cpe:2.3:a:typo3:typo3:4.2.7:::::::*
typo3	typo3	4.2.8	cpe:2.3:a:typo3:typo3:4.2.8:::::::*
typo3	typo3	4.2.9	cpe:2.3:a:typo3:typo3:4.2.9:::::::*

Rows per page:

1-10 of 291

References

secunia.com/advisories/35770

typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/

www.openwall.com/lists/oss-security/2011/01/13/2

www.openwall.com/lists/oss-security/2012/05/10/7

www.openwall.com/lists/oss-security/2012/05/11/3

www.openwall.com/lists/oss-security/2012/05/12/5

www.osvdb.org/70119

www.securityfocus.com/bid/45470

exchange.xforce.ibmcloud.com/vulnerabilities/64180

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.002

Percentile

55.7%

JSON

Related for CVE-2010-5101