Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-2121.NASL
HistoryOct 20, 2010 - 12:00 a.m.

Debian DSA-2121-1 : typo3-src - several vulnerabilities

2010-10-2000:00:00
This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.085 Low

EPSS

Percentile

94.5%

JSON

Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems :

  • CVE-2010-3714 Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web server was running.

  • CVE-2010-3715 The TYPO3 backend contained several cross-site scripting vulnerabilities, and the RemoveXSS function did not filter all JavaScript code.

  • CVE-2010-3716 Malicious editors with user creation permission could escalate their privileges by creating new users in arbitrary groups, due to lack of input validation in the taskcenter.

  • CVE-2010-3717 TYPO3 exposed a crasher bug in the PHP filter_var function, enabling attackers to cause the web server process to crash and thus consume additional system resources.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2121. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(50024);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");

  script_cve_id("CVE-2010-3714", "CVE-2010-3715", "CVE-2010-3716", "CVE-2010-3717");
  script_bugtraq_id(43786);
  script_xref(name:"DSA", value:"2121");

  script_name(english:"Debian DSA-2121-1 : typo3-src - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several remote vulnerabilities have been discovered in TYPO3. The
Common Vulnerabilities and Exposures project identifies the following
problems :

  - CVE-2010-3714
    Multiple remote file disclosure vulnerabilities in the
    jumpUrl mechanism and the Extension Manager allowed
    attackers to read files with the privileges of the
    account under which the web server was running.

  - CVE-2010-3715
    The TYPO3 backend contained several cross-site scripting
    vulnerabilities, and the RemoveXSS function did not
    filter all JavaScript code.

  - CVE-2010-3716
    Malicious editors with user creation permission could
    escalate their privileges by creating new users in
    arbitrary groups, due to lack of input validation in the
    taskcenter.

  - CVE-2010-3717
    TYPO3 exposed a crasher bug in the PHP filter_var
    function, enabling attackers to cause the web server
    process to crash and thus consume additional system
    resources."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-3714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-3715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-3716"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2010-3717"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2010/dsa-2121"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the TYPO3 packages.

For the stable distribution (lenny), these problems have been fixed in
version 4.2.5-1+lenny6."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:typo3-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"5.0", prefix:"typo3", reference:"4.2.5-1+lenny6")) flag++;
if (deb_check(release:"5.0", prefix:"typo3-src-4.2", reference:"4.2.5-1+lenny6")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxtypo3-srcp-cpe:/a:debian:debian_linux:typo3-src
debiandebian_linux5.0cpe:/o:debian:debian_linux:5.0

Related

openvas 3
securityvulns 2
debian 1
osv 3
cve 6
prion 6
cvelist 6
packetstorm 1
exploitpack 1
nvd 6
seebug 1
ubuntucve 6
github 2
exploitdb 1
openvas
openvas
Debian Security Advisory DSA 2121-1 (typo3-src)
2010-11-17 00:00:00
TYPO3 Multiple Vulnerabilities (Oct 2010)
2014-01-09 00:00:00
Debian: Security Advisory (DSA-2121-1)
2010-11-17 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities
2010-10-24 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2010-10-24 00:00:00
debian
debian
[SECURITY] [DSA 2121-1] New TYPO3 packages fix several vulnerabilities
2010-10-19 20:07:09
osv
osv
typo3-src - several vulnerabilities
2010-10-19 00:00:00
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
2022-05-17 05:47:13
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
2022-05-17 05:28:57
cve
cve
CVE-2010-3716
2022-10-03 16:20:54
CVE-2010-3714
2010-10-25 20:01:04
CVE-2010-3715
2022-10-03 16:20:55
prion
prion
Cross site request forgery (csrf)
2010-10-25 20:01:00
Cross site scripting
2010-10-25 20:01:00
Design/Logic Flaw
2010-10-25 20:01:00
cvelist
cvelist
CVE-2010-3716
2022-10-03 16:20:54
CVE-2010-3714
2010-10-25 19:00:00
CVE-2010-3715
2022-10-03 16:20:55
packetstorm
packetstorm
TYPO3 Unauthenticated Arbitrary File Retrieval
2010-12-29 00:00:00
exploitpack
exploitpack
TYPO3 - Arbitrary File Retrieval
2010-12-29 00:00:00
nvd
nvd
CVE-2010-3716
2010-10-25 20:01:04
CVE-2010-3714
2010-10-25 20:01:04
CVE-2010-3715
2010-10-25 20:01:04
seebug
seebug
TYPO3 Unauthenticated Arbitrary File Retrieval
2014-07-01 00:00:00
ubuntucve
ubuntucve
CVE-2010-3714
2010-10-25 00:00:00
CVE-2010-3716
2010-10-25 00:00:00
CVE-2010-3715
2010-10-25 00:00:00
github
github
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism
2022-05-17 05:28:57
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
2022-05-17 05:47:13
exploitdb
exploitdb
TYPO3 - Arbitrary File Retrieval
2010-12-29 00:00:00

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:C/I:N/A:N

0.085 Low

EPSS

Percentile

94.5%

JSON
Related for DEBIAN_DSA-2121.NASL
openvas3securityvulns2debian1osv3cve6prion6cvelist6packetstorm1exploitpack1nvd6seebug1ubuntucve6github2exploitdb1