Date: Thu, 26 May 2016 02:18:16 -0400 (EDT)
From: cve-assign@...re.org
To: stefan.horlacher@...us-security.ch
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-Request: TYPO3 Extbase Missing Access Check

> https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
> TYPO3-CORE-SA-2016-013
>
> Extbase request handling fails to implement a proper access check for
> requested controller/action combinations, which makes it possible for
> an attacker to execute arbitrary Extbase actions by crafting a special
> request. To successfully exploit this vulnerability, an attacker must
> have access to at least one Extbase plugin or module action in a TYPO3
> installation. The missing access check inevitably leads to information
> disclosure or remote code execution, depending on the action that an
> attacker is able to execute.

> TYPO3 installations with at least one publicly available Extbase
> action are exploitable without any further authentication.
>
> TYPO3 installations without publicly available Extbase actions are
> still exploitable for authenticated backend users with access to a
> backend module which is based on Extbase.

Use CVE-2016-5091 for both of these installation scenarios. As far as we
can tell, the second scenario ("without publicly available") occurs only
because TYPO3 Core code (or a copy of TYPO3 Core code) exists in, or is
reachable by, a (supported or unsupported) backend module.
-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
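As an added illustration (not TYPO3's code, and not part of the bulletin or this thread), a toy PHP 8 dispatcher contrasting the missing check the bulletin describes with an allowlist check against the plugin's own configuration; every class and function name is hypothetical and the request is constructed.

```php
<?php
declare(strict_types=1);
// Toy Extbase-style dispatcher (hypothetical names, PHP 8): the unchecked path
// honours any controller/action pair the request names, the bug class in
// TYPO3-CORE-SA-2016-013; the checked path consults the plugin configuration.

final class ActionRegistry {
    /** @var array<string, callable> "Controller/action" => handler */
    private array $handlers = [];
    public function register(string $controller, string $action, callable $handler): void {
        $this->handlers[$controller . '/' . $action] = $handler;
    }
    public function handler(string $controller, string $action): ?callable {
        return $this->handlers[$controller . '/' . $action] ?? null;
    }
}

/** What one plugin is configured to expose: controller => allowed actions. */
final class PluginConfig {
    public function __construct(private array $allowed) {}
    public function isAllowed(string $controller, string $action): bool {
        return in_array($action, $this->allowed[$controller] ?? [], true);
    }
}

// Vulnerable pattern: the request alone decides which registered action runs.
function dispatchUnchecked(ActionRegistry $reg, array $request): string {
    $h = $reg->handler($request['controller'] ?? '', $request['action'] ?? '');
    return $h === null ? 'no such action' : $h();
}

// Hardened pattern: a pair outside the plugin configuration is replaced by the
// plugin's default action rather than dispatched.
function dispatchChecked(ActionRegistry $reg, PluginConfig $cfg, array $request): string {
    $controller = $request['controller'] ?? 'List';
    $action = $request['action'] ?? 'index';
    if (!$cfg->isAllowed($controller, $action)) {
        [$controller, $action] = ['List', 'index'];
    }
    return $reg->handler($controller, $action)();
}

$reg = new ActionRegistry();
$reg->register('List', 'index', fn() => 'public list');
$reg->register('Admin', 'delete', fn() => 'backend-only delete');
$cfg = new PluginConfig(['List' => ['index']]);              // frontend plugin exposes one action
$crafted = ['controller' => 'Admin', 'action' => 'delete'];  // constructed request
echo dispatchUnchecked($reg, $crafted), PHP_EOL;             // reaches the backend-only handler
echo dispatchChecked($reg, $cfg, $crafted), PHP_EOL;         // served by List/index instead
```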