PT-2009-3414 · Typo3 · Typo3
Hanno Böck · Published 2009-03-05 · Updated 2022-05-02 · CVE-2009-0815
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 3.3.x through 3.8.x
TYPO3 versions 4.0 through 4.0.11
TYPO3 versions 4.1 through 4.1.9
TYPO3 versions 4.2 through 4.2.5
TYPO3 version 4.3alpha1
Description
The issue concerns a mechanism in TYPO3 that leaks a hash secret in an error message, allowing remote attackers to read arbitrary files by including the hash in a request.
Recommendations
For versions 3.3.x through 3.8.x, update to a version outside of this range to resolve the issue.
For versions 4.0 through 4.0.11, update to version 4.0.12 or later.
For versions 4.1 through 4.1.9, update to version 4.1.10 or later.
For versions 4.2 through 4.2.5, update to version 4.2.6 or later.
For version 4.3alpha1, update to a later version to mitigate the risk.
Exploit
Fix
Generation of Error Message Containing Sensitive Information
Information Disclosure
Related identifiers
Affected products
Typo3