PT-2010-5628 · Typo3 · Typo3

Gregor Kopf · Published 1970-01-01 · Updated 2022-05-17 · CVE-2010-3714

CVSS v2.0: 7.1 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

TYPO3 versions 4.2.x through 4.2.14
TYPO3 versions 4.3.x through 4.3.6
TYPO3 versions 4.4.x through 4.4.3

Description

The issue is related to the jumpUrl implementation in tslib/class.tslib_fe.php, which does not properly compare certain hash values during access-control decisions. This allows remote attackers to read arbitrary files via unspecified vectors. The vulnerability can be exploited remotely and may lead to a breach of confidentiality of protected information.

Recommendations

For TYPO3 versions 4.2.x through 4.2.14, update to version 4.2.15 or later.
For TYPO3 versions 4.3.x through 4.3.6, update to version 4.3.7 or later.
For TYPO3 versions 4.4.x through 4.4.3, update to version 4.4.4 or later.

Exploit

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2015-01425
BDU:2015-02085
CVE-2010-3714
DSA-2121-1
GHSA-W736-QV86-VQ94

Affected Products

Typo3