Date: Thu, 29 Mar 2012 22:44:32 +0200 From: Florian Weimer <fw@...eb.enyo.de> To: oss-security@...ts.openwall.com Subject: CVE request: TYPO3-CORE-SA-2012-001 I may have missed a previous request. If I can count properly, there are four different issues: | Vulnerable subcomponent: Extbase Framework | Affected Versions: | Versions 4.4.x and 4.5.x are not affected by this vulnerabilty. | Vulnerability Type: Insecure Unserialize | | Problem Description: Due to a missing signature (HMAC) for a request | argument, an attacker could unserialize arbitrary objects within | TYPO3. | | To our knowledge it is neither possible to inject code through this | vulnerability, nor are there exploitable objects within the TYPO3 | Core. However, there might be exploitable objects within third party | extensions. | Vulnerable subcomponent: TYPO3 Backend | Vulnerability Type: Cross-Site Scripting | | Problem Description: Failing to properly HTML-encode user input in | several places, the TYPO3 backend is susceptible to Cross-Site | Scripting. A valid backend user is required to exploit these | vulnerabilities. | Vulnerable subcomponent: TYPO3 Command Line Interface | Vulnerability Type: Information Disclosure | | Problem Description: Accessing a CLI Script directly with a browser | may disclose the database name used for the TYPO3 installation. | Vulnerable subcomponent: TYPO3 HTML Sanitizing API | Vulnerability Type: Cross-Site Scripting | | Problem Description: By not removing non printable characters, the API | method t3lib_div::RemoveXSS() fails to filter specially crafted HTML | injections, thus is susceptible to Cross-Site Scripting. <http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/>
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ