Lucene search
HistoryJan 22, 2009 - 11:30 p.m.
CVE-2009-0256
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.015
Percentile
86.9%
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
Affected configurations
Node
typo3typo3Match4.0
ORtypo3typo3Match4.0.1
ORtypo3typo3Match4.0.2
ORtypo3typo3Match4.0.3
ORtypo3typo3Match4.0.4
ORtypo3typo3Match4.0.5
ORtypo3typo3Match4.0.6
ORtypo3typo3Match4.0.7
ORtypo3typo3Match4.0.8
ORtypo3typo3Match4.0.9
ORtypo3typo3Match4.1.0
ORtypo3typo3Match4.1.0beta1
ORtypo3typo3Match4.1.0rc1
ORtypo3typo3Match4.1.1
ORtypo3typo3Match4.1.2
ORtypo3typo3Match4.1.3
ORtypo3typo3Match4.1.4
ORtypo3typo3Match4.1.5
ORtypo3typo3Match4.1.6
ORtypo3typo3Match4.1.7
ORtypo3typo3Match4.2.0
ORtypo3typo3Match4.2.1
ORtypo3typo3Match4.2.2
ORtypo3typo3Match4.2.3
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | 4.0 | cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.1 | cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.2 | cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.3 | cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.4 | cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.5 | cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.6 | cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.7 | cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.8 | cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.9 | cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:* |
Related
osv
osv
Authentication library in TYPO3 vulnerable to session fixation
2022-05-02 03:13:51
typo3-src - remote code execution
2009-01-26 00:00:00
cvelist
cvelist
CVE-2009-0256
2009-01-22 23:00:00
github
github
Authentication library in TYPO3 vulnerable to session fixation
2022-05-02 03:13:51
cve
cve
CVE-2009-0256
2009-01-22 23:30:04
ubuntucve
ubuntucve
CVE-2009-0256
2009-01-22 00:00:00
prion
prion
Session fixation
2009-01-22 23:30:00
openvas
openvas
TYPO3 Multiple Vulnerabilities (Jan 2009)
2013-12-26 00:00:00
FreeBSD Ports: typo3
2009-02-13 00:00:00
FreeBSD Ports: typo3
2009-02-13 00:00:00
nessus
nessus
FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)
2009-02-09 00:00:00
Debian DSA-1711-1 : typo3-src - several vulnerabilities
2009-01-27 00:00:00
securityvulns
securityvulns
debian
debian
[SECURITY] [DSA 1711-1] New TYPO3 packages fix remote code execution
2009-01-26 20:54:10
freebsd
freebsd
typo3 -- multiple vulnerabilities
2009-02-07 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.5
Confidence
High
EPSS
0.015
Percentile
86.9%
Related for NVD:CVE-2009-0256