Lucene search

[email protected]CVE-2016-5091

HistoryJan 23, 2017 - 9:59 p.m.

CVE-2016-5091

2017-01-2321:59:01

CWE-254

[email protected]

web.nvd.nist.gov

typo3

extbase

vulnerability

remote attackers

sensitive information

arbitrary code

cve-2016-5091

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.034 Low

EPSS

Percentile

91.5%

JSON

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

Affected configurations

NVD

Node

typo3typo3Range≤6.2.23

typo3typo3Match7.0.0

typo3typo3Match7.0.2

typo3typo3Match7.1.0

typo3typo3Match7.2.0

typo3typo3Match7.3.0

typo3typo3Match7.3.1

typo3typo3Match7.4.0

typo3typo3Match7.5.0

typo3typo3Match7.6.0

typo3typo3Match7.6.1

typo3typo3Match7.6.2

typo3typo3Match7.6.3

typo3typo3Match7.6.4

typo3typo3Match7.6.5

typo3typo3Match7.6.6

typo3typo3Match7.6.7

typo3typo3Match7.6.8

typo3typo3Match8.1.1

CPENameOperatorVersion
typo3:typo3typo3le6.2.23
typo3:typo3typo3eq7.0.0
typo3:typo3typo3eq7.0.2
typo3:typo3typo3eq7.1.0
typo3:typo3typo3eq7.2.0
typo3:typo3typo3eq7.3.0
typo3:typo3typo3eq7.3.1
typo3:typo3typo3eq7.4.0
typo3:typo3typo3eq7.5.0
typo3:typo3typo3eq7.6.0

CPE	Name	Operator	Version
typo3:typo3	typo3	le	6.2.23
typo3:typo3	typo3	eq	7.0.0
typo3:typo3	typo3	eq	7.0.2
typo3:typo3	typo3	eq	7.1.0
typo3:typo3	typo3	eq	7.2.0
typo3:typo3	typo3	eq	7.3.0
typo3:typo3	typo3	eq	7.3.1
typo3:typo3	typo3	eq	7.4.0
typo3:typo3	typo3	eq	7.5.0
typo3:typo3	typo3	eq	7.6.0