PT-2009-3414 · Typo3 · Typo3
Hanno Böck · Published 2009-03-05 · Updated 2022-05-02 · CVE-2009-0815
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 3.3.x through 3.8.x
TYPO3 versions 4.0 through 4.0.11
TYPO3 versions 4.1 through 4.1.9
TYPO3 versions 4.2 through 4.2.5
TYPO3 version 4.3alpha1
Description
TYPO3 leaks a hash secret in an error message. A remote attacker can read arbitrary files by including the leaked hash in a request.
Recommendations
For versions 3.3.x through 3.8.x, update to a version outside of this range to resolve the issue.
For versions 4.0 through 4.0.11, update to version 4.0.12 or later.
For versions 4.1 through 4.1.9, update to version 4.1.10 or later.
For versions 4.2 through 4.2.5, update to version 4.2.6 or later.
For version 4.3alpha1, update to a later version to mitigate the risk.
Exploit
Fix
Generation of Error Message Containing Sensitive Information
Information Disclosure
Affected Products
Typo3