ubuntucve | Ubuntu.com | UB:CVE-2009-0258
History: Jan 22, 2009 - 12:00 a.m.

CVE-2009-0258

typo3
indexed search engine
remote command execution
cve-2009-0258
security vulnerability
command-line indexer
shell metacharacters
remote attackers
crafted filename

CVSS2: 10

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.011
Percentile: 84.8%

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0
through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote
attackers to execute arbitrary commands via a crafted filename containing
shell metacharacters, which is not properly handled by the command-line
indexer.
