Lucene search
HistoryNov 02, 2009 - 3:30 p.m.
CVE-2009-3635
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.017
Percentile
87.7%
The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password’s md5 hash as a credential.
Affected configurations
Node
typo3typo3Range≤4.0.12
ORtypo3typo3Match0.1.2
ORtypo3typo3Match1.0.14
ORtypo3typo3Match1.1
ORtypo3typo3Match1.1.1
ORtypo3typo3Match1.1.09
ORtypo3typo3Match1.1.10
ORtypo3typo3Match1.2.0
ORtypo3typo3Match1.3.0
ORtypo3typo3Match1.3.2
ORtypo3typo3Match3.0
ORtypo3typo3Match3.3.x
ORtypo3typo3Match3.5
ORtypo3typo3Match3.5.x
ORtypo3typo3Match3.6.x
ORtypo3typo3Match3.7.0
ORtypo3typo3Match3.7.1
ORtypo3typo3Match3.7.x
ORtypo3typo3Match3.8
ORtypo3typo3Match3.8.x
ORtypo3typo3Match4.0
ORtypo3typo3Match4.0.1
ORtypo3typo3Match4.0.2
ORtypo3typo3Match4.0.3
ORtypo3typo3Match4.0.4
ORtypo3typo3Match4.0.5
ORtypo3typo3Match4.0.6
ORtypo3typo3Match4.0.7
ORtypo3typo3Match4.0.8
ORtypo3typo3Match4.0.9
ORtypo3typo3Match4.0.10
ORtypo3typo3Match4.0.11
ORtypo3typo3Match4.1.0
ORtypo3typo3Match4.1.0beta1
ORtypo3typo3Match4.1.0rc1
ORtypo3typo3Match4.1.1
ORtypo3typo3Match4.1.2
ORtypo3typo3Match4.1.3
ORtypo3typo3Match4.1.4
ORtypo3typo3Match4.1.5
ORtypo3typo3Match4.1.6
ORtypo3typo3Match4.1.7
ORtypo3typo3Match4.1.8
ORtypo3typo3Match4.1.9
ORtypo3typo3Match4.1.10
ORtypo3typo3Match4.1.11
ORtypo3typo3Match4.1.12
ORtypo3typo3Match4.2.0
ORtypo3typo3Match4.2.1
ORtypo3typo3Match4.2.2
ORtypo3typo3Match4.2.3
ORtypo3typo3Match4.2.4
ORtypo3typo3Match4.2.5
ORtypo3typo3Match4.2.6
ORtypo3typo3Match4.2.7
ORtypo3typo3Match4.2.8
ORtypo3typo3Match4.2.9
ORtypo3typo3Match4.3
ORtypo3typo3Match4.3alpha1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | * | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* |
| typo3 | typo3 | 0.1.2 | cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.0.14 | cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1 | cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1.1 | cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1.09 | cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.1.10 | cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.2.0 | cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.3.0 | cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 1.3.2 | cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2009-3635
2009-11-02 15:30:00
prion
prion
Design/Logic Flaw
2009-11-02 15:30:00
ubuntucve
ubuntucve
CVE-2009-3635
2009-11-02 00:00:00
cvelist
cvelist
CVE-2009-3635
2009-11-02 15:00:00
openvas
openvas
TYPO3 Multiple Vulnerabilities (Oct 2009)
2013-12-27 00:00:00
FreeBSD Ports: typo3
2009-11-11 00:00:00
Debian Security Advisory DSA 1926-1 (typo3-src)
2009-11-11 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities in TYPO3 Core
2009-10-22 00:00:00
osv
osv
typo3-src - several vulnerabilities
2009-11-04 00:00:00
nessus
nessus
FreeBSD : typo3 -- multiple vulnerabilities in TYPO3 Core (6693bad2-ca50-11de-8ee8-00215c6a37bb)
2009-11-06 00:00:00
Debian DSA-1926-1 : typo3-src - several vulnerabilities
2010-02-24 00:00:00
debian
debian
[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities
2009-11-04 19:33:20
securityvulns
securityvulns
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
6.6
Confidence
Low
EPSS
0.017
Percentile
87.7%
Related for NVD:CVE-2009-3635