ID 3CAF4E6C-4CEF-11E6-A15F-00248C0C745D Type freebsd Reporter FreeBSD Modified 2016-05-24T00:00:00
Description
TYPO3 reports:
Extbase request handling fails to implement a proper access check for
requested controller/ action combinations, which makes it possible for an
attacker to execute arbitrary Extbase actions by crafting a special request. To
successfully exploit this vulnerability, an attacker must have access to at
least one Extbase plugin or module action in a TYPO3 installation. The missing
access check inevitably leads to information disclosure or remote code
execution, depending on the action that an attacker is able to execute.
{"id": "3CAF4E6C-4CEF-11E6-A15F-00248C0C745D", "bulletinFamily": "unix", "title": "typo3 -- Missing access check in Extbase", "description": "\nTYPO3 reports:\n\nExtbase request handling fails to implement a proper access check for\n requested controller/ action combinations, which makes it possible for an\n attacker to execute arbitrary Extbase actions by crafting a special request. To\n successfully exploit this vulnerability, an attacker must have access to at\n least one Extbase plugin or module action in a TYPO3 installation. The missing\n access check inevitably leads to information disclosure or remote code\n execution, depending on the action that an attacker is able to execute.\n\n", "published": "2016-05-24T00:00:00", "modified": "2016-05-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://vuxml.freebsd.org/freebsd/3caf4e6c-4cef-11e6-a15f-00248c0c745d.html", "reporter": "FreeBSD", "references": ["https://wiki.typo3.org/TYPO3_CMS_6.2.24", "https://wiki.typo3.org/TYPO3_CMS_7.6.8", "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"], "cvelist": ["CVE-2016-5091"], "type": "freebsd", "lastseen": "2019-05-29T18:32:38", "edition": 5, "viewCount": 18, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-5091"]}, {"type": "typo3", "idList": ["TYPO3-CORE-SA-2016-013"]}, {"type": "nessus", "idList": ["FREEBSD_PKG_3CAF4E6C4CEF11E6A15F00248C0C745D.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310108058"]}], "modified": "2019-05-29T18:32:38", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2019-05-29T18:32:38", "rev": 2}, "vulnersScore": 6.5}, "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "typo3", "packageVersion": "7.6.8"}, {"OS": "FreeBSD", "OSVersion": "any", "arch": "noarch", "operator": "lt", "packageFilename": "UNKNOWN", "packageName": "typo3-lts", "packageVersion": "6.2.24"}], "scheme": null, "immutableFields": []}
{"cve": [{"lastseen": "2021-04-22T23:58:48", "description": "Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.", "edition": 7, "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-23T21:59:00", "title": "CVE-2016-5091", "type": "cve", "cwe": ["CWE-254"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-5091"], "modified": "2017-01-26T16:39:00", "cpe": ["cpe:/a:typo3:typo3:7.6.6", "cpe:/a:typo3:typo3:8.1.1", "cpe:/a:typo3:typo3:7.2.0", "cpe:/a:typo3:typo3:7.6.7", "cpe:/a:typo3:typo3:7.0.0", "cpe:/a:typo3:typo3:7.6.1", "cpe:/a:typo3:typo3:7.6.2", "cpe:/a:typo3:typo3:7.3.0", "cpe:/a:typo3:typo3:7.0.2", "cpe:/a:typo3:typo3:7.1.0", "cpe:/a:typo3:typo3:7.6.4", "cpe:/a:typo3:typo3:6.2.23", "cpe:/a:typo3:typo3:7.3.1", "cpe:/a:typo3:typo3:7.6.5", "cpe:/a:typo3:typo3:7.6.0", "cpe:/a:typo3:typo3:7.4.0", "cpe:/a:typo3:typo3:7.5.0", "cpe:/a:typo3:typo3:7.6.3", "cpe:/a:typo3:typo3:7.6.8"], "id": "CVE-2016-5091", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5091", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:typo3:typo3:7.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:6.2.23:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:typo3:typo3:7.1.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:34:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5091"], "description": "This host is installed with TYPO3 and is prone to a remote code-execution vulnerability.", "modified": "2018-10-12T00:00:00", "published": "2017-01-25T00:00:00", "id": "OPENVAS:1361412562310108058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310108058", "type": "openvas", "title": "TYPO3 Extbase Remote Code Execution Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_typo3_extbase_90832.nasl 11888 2018-10-12 15:27:49Z cfischer $\n#\n# TYPO3 Extbase Remote Code Execution Vulnerability\n#\n# Authors:\n# Christian Fischer <christian.fischer@greenbone.net>\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:typo3:typo3\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.108058\");\n script_version(\"$Revision: 11888 $\");\n script_cve_id(\"CVE-2016-5091\");\n script_bugtraq_id(90832);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 17:27:49 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-25 13:00:00 +0100 (Wed, 25 Jan 2017)\");\n script_name(\"TYPO3 Extbase Remote Code Execution Vulnerability\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Web application abuses\");\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH\");\n script_dependencies(\"gb_typo3_detect.nasl\");\n script_mandatory_keys(\"TYPO3/installed\");\n script_require_ports(\"Services/www\", 80);\n\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/90832\");\n script_xref(name:\"URL\", value:\"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/\");\n\n script_tag(name:\"impact\", value:\"A remote attacker can leverage this issue to execute arbitrary code within the context\n of the application. Successful exploits will compromise the application and possibly the underlying system.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Extbase request handling fails to implement a proper access check for requested\n controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by\n crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least\n one Extbase plugin or module action in a TYPO3 installation.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to TYPO3 version 6.2.24, 7.6.8 or 8.1.1 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with TYPO3 and is prone to a remote code-execution vulnerability.\");\n\n script_tag(name:\"affected\", value:\"TYPO3 versions from 4.3.0 to 6.2.23, 7.x before 7.6.8, and 8.1.0\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://typo3.org/\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif( ! port = get_app_port( cpe:CPE ) ) exit( 0 );\nif( ! vers = get_app_version( cpe:CPE, port:port, version_regex:\"[0-9]+\\.[0-9]+\\.[0-9]+\" ) ) exit( 0 );\n\nif( version_in_range( version:vers, test_version:\"4.3.0\", test_version2:\"6.2.23\" ) ) {\n vuln = TRUE;\n fix = \"6.2.24\";\n}\n\nif( vers =~ \"^7\") {\n if( version_is_less( version:vers, test_version:\"7.6.8\" ) ) {\n vuln = TRUE;\n fix = \"7.6.8\";\n }\n}\n\nif( version_is_equal( version:vers, test_version:\"8.1.0\" ) ) {\n vuln = TRUE;\n fix = \"8.1.1\";\n}\n\nif( vuln ) {\n report = report_fixed_ver( installed_version:vers, fixed_version:fix );\n security_message( port:port, data:report );\n exit( 0 );\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-06T10:49:16", "description": "TYPO3 reports :\n\nExtbase request handling fails to implement a proper access check for\nrequested controller/ action combinations, which makes it possible for\nan attacker to execute arbitrary Extbase actions by crafting a special\nrequest. To successfully exploit this vulnerability, an attacker must\nhave access to at least one Extbase plugin or module action in a TYPO3\ninstallation. The missing access check inevitably leads to information\ndisclosure or remote code execution, depending on the action that an\nattacker is able to execute.", "edition": 28, "cvss3": {"score": 8.1, "vector": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-20T00:00:00", "title": "FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-5091"], "modified": "2016-07-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:typo3", "p-cpe:/a:freebsd:freebsd:typo3-lts"], "id": "FREEBSD_PKG_3CAF4E6C4CEF11E6A15F00248C0C745D.NASL", "href": "https://www.tenable.com/plugins/nessus/92448", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92448);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-5091\");\n\n script_name(english:\"FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"TYPO3 reports :\n\nExtbase request handling fails to implement a proper access check for\nrequested controller/ action combinations, which makes it possible for\nan attacker to execute arbitrary Extbase actions by crafting a special\nrequest. To successfully exploit this vulnerability, an attacker must\nhave access to at least one Extbase plugin or module action in a TYPO3\ninstallation. The missing access check inevitably leads to information\ndisclosure or remote code execution, depending on the action that an\nattacker is able to execute.\"\n );\n # https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?68427b25\"\n );\n # https://wiki.typo3.org/TYPO3_CMS_7.6.8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://get.typo3.org/release-notes/7.x/TYPO3_CMS_7.6.8\"\n );\n # https://wiki.typo3.org/TYPO3_CMS_6.2.24\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://get.typo3.org/release-notes/6.x/TYPO3_CMS_6.2.24\"\n );\n # https://vuxml.freebsd.org/freebsd/3caf4e6c-4cef-11e6-a15f-00248c0c745d.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8313ec5a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:typo3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:typo3-lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/07/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"typo3<7.6.8\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"typo3-lts<6.2.24\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "typo3": [{"lastseen": "2021-06-08T19:14:00", "bulletinFamily": "software", "cvelist": ["CVE-2016-5091"], "description": "It has been discovered, that TYPO3 CMS lacks an access check for Extbase actions.\n\n**Component Type:** TYPO3 CMS\n\n**Release Date:** May 24, 2016\n\n## Vulnerable subcomponent: Extbase\n\n**Vulnerability Type:** Missing access check\n\n**Affected Versions:** Versions 4.3.0 up to 8.1.0\n\n**Severity:** Critical\n\n**Suggested CVSS v2.0:** [AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:O/RC:C](<http://jvnrss.ise.chuo-u.ac.jp/jtg/cvss/cvss2.cgi?vector=%28AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:O/RC:C%29&g=2&lang=en>)\n\n**CVE: **CVE-2016-5091\n\n**Problem Description**: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.\n\n**Solution:** Update to TYPO3 versions 6.2.24, 7.6.8 or 8.1.1 that fix the problem described.\n\n**Alternative Solution:** Apply the patches suitable for your TYPO3 branch manually.\n\n**Alternative Solution:** Download the zip archive which contains a folder with a script and patches for all affected TYPO3 versions. _(Please note: If you were quick and applied the zip file before the regression was fixed, you need to download this undo zip archive, which contains a script to revert the patches. After running the script, you have to use the script from above to secure your TYPO3 CMS instances.)_\n\n**Notes: **TYPO3 installations with at least one publicly available Extbase action, are exploitable without any further authentication.\n\nTYPO3 installations without publicly available Extbase actions, are still exploitable for authenticated backend users with access to a backend module, which is based on Extbase.\n\n**Important Note:** The fix introduced changes in the internal request handling of Extbase. In case an such unlikely incompatibility with any extension (that relies on internal API) occurs, the TYPO3 installation still remains fully available and functional, with only little minor issues in Extbase form validation handling.\n\nUsers of **any **TYPO3 version from 4.3.0 to 8.1.0 are **strongly encouraged to upgrade** or to at least apply the patches provided below.\n\nPlease note, that patching a not supported TYPO3 version can be considered only as temporary mitigation. Upgrade to a supported versions should be performed as soon as possible.\n\n**Credits:** Thanks to Stefan Horlacher from Arcus Security GmbH who discovered and reported the issue, Alex Kellner, who also reported the issue and Oliver Hader for discovering a related vulnerability.\n\n**General Advice:** Follow the recommendations that are given in the [TYPO3 Security Guide](<http://docs.typo3.org/typo3cms/SecurityGuide/> \"Opens external link in new window\" ). Please subscribe to the [typo3-announce](<http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce>) mailing list.\n\n**General Note:** All security related code changes are tagged so that you can easily look them up on our [review system](<https://review.typo3.org/#/q/status:merged+project:Packages/TYPO3.CMS+topic:security,n,z>).\n", "edition": 2, "modified": "2016-05-24T00:00:00", "published": "2016-05-24T00:00:00", "id": "TYPO3-CORE-SA-2016-013", "href": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/", "type": "typo3", "title": "Missing Access Check in TYPO3 CMS", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-11-12T01:21:07", "bulletinFamily": "software", "cvelist": ["CVE-2016-5091", "CVE-2020-15086", "CVE-2020-15099"], "description": "It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.\n", "modified": "2020-07-28T00:00:00", "published": "2020-07-28T00:00:00", "id": "TYPO3-EXT-SA-2020-014", "href": "https://typo3.org/security/advisory/typo3-ext-sa-2020-014", "type": "typo3", "title": "Sensitive Information Disclosure in extension \"Media Content Element\" (mediace)", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T13:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-5091", "CVE-2020-15098", "CVE-2020-15099"], "description": "It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.\n", "modified": "2020-07-28T00:00:00", "published": "2020-07-28T00:00:00", "id": "TYPO3-CORE-SA-2020-008", "href": "https://typo3.org/security/advisory/typo3-core-sa-2020-008", "type": "typo3", "title": "Sensitive Information Disclosure", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-24T13:21:11", "bulletinFamily": "software", "cvelist": ["CVE-2016-5091", "CVE-2020-15086", "CVE-2020-15099"], "description": "It has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains as described below.\n", "modified": "2020-07-28T00:00:00", "published": "2020-07-28T00:00:00", "id": "TYPO3-PSA-2020-001", "href": "https://typo3.org/security/advisory/typo3-psa-2020-001", "type": "typo3", "title": "Critical vulnerability in legacy versions of TYPO3 CMS", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}
