GitHub Advisory DatabaseGHSA-9J8H-XRGJ-7GW2TYPO3 Improper Session Invalidation
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
References
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
www.debian.org/security/2014/dsa-2942
www.openwall.com/lists/oss-security/2014/06/03/2
github.com/advisories/GHSA-9j8h-xrgj-7gw2
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3944.yaml
nvd.nist.gov/vuln/detail/CVE-2014-3944
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
Related
6.8 Medium
AI Score
Confidence
Low
5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.003 Low
EPSS
Percentile
65.9%