Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TYPO3_10_4_2.NASL
HistoryJul 13, 2020 - 12:00 a.m.

TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities

2020-07-1300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

7.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.0%

JSON

The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore, affected by multiple vulnerabilities:

  • A cross-site scripting (XSS) vulnerability exists in Typo3’s form engine component due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user’s browser session (CVE-2020-11064).

  • Multiple insecure deserialization vulnerabilities exist in Typo3. An authenticated, remote attacker could exploit this, by crafting a specially crafted object, to execute arbitrary code on an affected host (CVE-2020-11066 & CVE-2020-11067).

  • A server-side request forgery vulnerability exists in Typo3’s backend user interface and install tool components. An unauthenticated, remote attacker could exploit this, by uploading a specially crafted file, to force the application to generate potentially malicious requests on their behalf. (CVE-2020-11069).

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(138385);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/05");

  script_cve_id(
    "CVE-2020-11064",
    "CVE-2020-11066",
    "CVE-2020-11067",
    "CVE-2020-11069"
  );

  script_name(english:"TYPO3 9.x < 9.5.17 / 10.x < 10.4.2 Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP script that is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of TYPO3 installed on the remote host is 9.x prior to 9.5.17 or 10.x prior to 10.4.2. It is, therefore,
affected by multiple vulnerabilities:
  - A cross-site scripting (XSS) vulnerability exists in Typo3's form engine component due to improper
  validation of user-supplied input before returning it to users. An authenticated, remote attacker 
  can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script
  code in a user's browser session (CVE-2020-11064).

  - Multiple insecure deserialization vulnerabilities exist in Typo3. An authenticated, remote attacker
  could exploit this, by crafting a specially crafted object, to execute arbitrary code
  on an affected host (CVE-2020-11066 & CVE-2020-11067).

  - A server-side request forgery vulnerability exists in Typo3's backend user interface and install
  tool components. An unauthenticated, remote attacker could exploit this, by uploading a specially
  crafted file, to force the application to generate potentially malicious requests on their 
  behalf. (CVE-2020-11069).

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version");
  # https://typo3.org/security/advisory/typo3-core-sa-2020-002
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?910f6181");
  # https://typo3.org/security/advisory/typo3-core-sa-2020-004
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e5854bab");
  # https://typo3.org/security/advisory/typo3-core-sa-2020-005
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d58229ad");
  # https://typo3.org/security/advisory/typo3-core-sa-2020-006
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e039f653");
  script_set_attribute(attribute:"solution", value:
"Upgrade to TYPO3 9.5.17, 10.4.2 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-11069");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-11066");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/13");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:typo3:typo3");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_set_attribute(attribute:"enable_cgi_scanning", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("typo3_detect.nasl");
  script_require_keys("installed_sw/TYPO3", "www/PHP");
  script_exclude_keys("Settings/disable_cgi_scanning");
  script_require_ports("Services/www", 80);

  exit(0);
}

include('http.inc');
include('vcf.inc');

port = get_http_port(default:80, php:TRUE);
app_info = vcf::get_app_info(app:'TYPO3', port:port, webapp:TRUE);

constraints = [
  {'min_version':'9.0' , 'fixed_version':'9.5.17'},
  {'min_version':'10.0', 'fixed_version':'10.4.2'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);
VendorProductVersionCPE
typo3typo3cpe:/a:typo3:typo3

Related

openvas 1
freebsd 1
nessus 1
veracode 4
cve 5
osv 15
friendsofphp 8
github 5
prion 5
typo3 5
nvd 5
cvelist 5
ubuntucve 1
openvas
openvas
TYPO3 9.0.0 < 9.5.17, 10.0.0 < 10.4.2 Multiple Vulnerabilities (TYPO3-CORE-SA-2020-002, TYPO3-CORE-SA-2020-004 to TYPO3-CORE-SA-2020-006)
2020-05-15 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities
2020-05-12 00:00:00
nessus
nessus
FreeBSD : typo3 -- multiple vulnerabilities (59fabdf2-9549-11ea-9448-08002728f74c)
2020-05-14 00:00:00
veracode
veracode
Insecure Deserialization
2020-05-14 04:41:41
Insecure Deserialization
2020-05-14 07:03:03
Same-site Request Forgery (SSRF)
2020-05-14 08:03:12
cve
cve
CVE-2020-11066
2020-05-14 00:15:11
CVE-2020-11067
2020-05-14 00:15:11
CVE-2020-11069
2020-05-14 00:15:11
osv
osv
Insecure Deserialization in Backend User Settings in TYPO3 CMS
2020-05-13 23:29:04
BIT-typo3-2020-11067
2024-03-06 11:11:55
Class destructors causing side-effects when being unserialized in TYPO3 CMS
2020-05-13 23:18:38
friendsofphp
friendsofphp
TYPO3-CORE-SA-2020-005: Insecure Deserialization in Backend User Settings
2020-05-12 09:21:27
TYPO3-CORE-SA-2020-004: Class destructors causing side-effects when being unserialized
2020-05-12 09:21:19
TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine
2020-05-12 09:21:07
github
github
Insecure Deserialization in Backend User Settings in TYPO3 CMS
2020-05-13 23:29:04
Class destructors causing side-effects when being unserialized in TYPO3 CMS
2020-05-13 23:18:38
Cross-Site Scripting in TYPO3 CMS Form Engine
2020-05-13 23:17:48
prion
prion
Deserialization of untrusted data
2020-05-14 00:15:00
Cross site request forgery (csrf)
2020-05-14 00:15:00
Cross site scripting
2020-05-13 23:15:00
typo3
typo3
Insecure Deserialization in Backend User Settings
2020-05-12 00:00:00
Same-Origin Request Forgery to Backend User Interface
2020-05-12 00:00:00
Cross-Site Scripting in Form Engine
2020-05-12 00:00:00
nvd
nvd
CVE-2020-11066
2020-05-14 00:15:11
CVE-2020-11064
2020-05-13 23:15:11
CVE-2020-11069
2020-05-14 00:15:11
cvelist
cvelist
CVE-2020-11064 Cross-Site Scripting in TYPO3 CMS
2020-05-13 22:50:11
CVE-2020-11067 Deserialization of Untrusted Data in TYPO3 CMS
2020-05-13 23:25:13
CVE-2020-11069 Cross-Site Request Forgery in TYPO3 CMS
2020-05-13 23:35:37
ubuntucve
ubuntucve
CVE-2021-41113
2021-10-05 00:00:00

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

7.4 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

76.0%

JSON
Related for TYPO3_10_4_2.NASL
openvas1freebsd1nessus1veracode4cve5osv15friendsofphp8github5prion5typo35nvd5cvelist5ubuntucve1