Lucene search
HistoryJun 03, 2014 - 2:55 p.m.
CVE-2014-3944
typo3
authentication
cve-2014-3944
nvd
security vulnerability
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.3%
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
Affected configurations
Node
typo3typo3Match6.2
ORtypo3typo3Match6.2.0beta1
ORtypo3typo3Match6.2.0beta2
ORtypo3typo3Match6.2.0beta3
ORtypo3typo3Match6.2.1
ORtypo3typo3Match6.2.2
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3:typo3 | typo3 | eq | 6.2 |
| typo3:typo3 | typo3 | eq | 6.2.0 |
| typo3:typo3 | typo3 | eq | 6.2.1 |
| typo3:typo3 | typo3 | eq | 6.2.2 |
Related
prion
prion
Authentication flaw
2014-06-03 14:55:00
github
github
TYPO3 Improper Session Invalidation
2022-05-17 04:42:47
osv
osv
TYPO3 Improper Session Invalidation
2022-05-17 04:42:47
typo3-src - security update
2014-06-01 00:00:00
cvelist
cvelist
CVE-2014-3944
2014-06-03 14:00:00
ubuntucve
ubuntucve
CVE-2014-3944
2014-06-03 00:00:00
nvd
nvd
CVE-2014-3944
2014-06-03 14:55:11
friendsofphp
friendsofphp
Improper Session Invalidation
2014-05-22 09:33:36
openvas
openvas
TYPO3 6.2.0 - 6.2.2 Multiple Vulnerabilities (TYPO3-CORE-SA-2014-001)
2014-07-03 00:00:00
Debian Security Advisory DSA 2942-1 (typo3-src - security update)
2014-06-01 00:00:00
Debian: Security Advisory (DSA-2942-1)
2014-05-31 00:00:00
typo3
typo3
Multiple Vulnerabilities in TYPO3 CMS
2014-05-22 00:00:00
securityvulns
securityvulns
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6.8 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.3%
Related for CVE-2014-3944