Package: typo3-src
Severity: critical
Tags: security

Affected Versions: 4.2.14 and below, 4.3.6 and below, 4.4.3 and below
Vulnerability Types: Remote File Disclosure, Cross-Site Scripting (XSS), Privilege Escalation, Denial of Service

Vulnerable subcomponent #1: Access tracking mechanism

Vulnerability Type: Remote File Disclosure
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C
Problem Description: A Remote File Disclosure vulnerability in the jumpUrl mechanism, which is used to track access to web pages and to files offered for download, allows a remote attacker to read arbitrary files on the host. Because the submitted hash is compared with the calculated hash using a non-type-safe comparison, an attacker can spoof a hash value and bypass the access control. No authentication is required to exploit this vulnerability. It allows reading any file that the web server user account has access to.

Vulnerable subcomponent #2: Backend

Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Because user input is not sanitized, the TYPO3 backend is susceptible to XSS attacks in several places. A valid backend login is required to exploit these vulnerabilities.

Vulnerability Type: Remote File Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Because user input is not properly validated, the Extension Manager is susceptible to Remote File Disclosure. By forging a request parameter it is possible to view (and, under certain conditions, edit) the contents of any file the web server has access to. A valid admin user login is required to exploit this vulnerability.

Vulnerability Type: Privilege Escalation
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: Because user input is not properly validated, the sys_action task "be_user_creation" is susceptible to Privilege Escalation. By forging a POST request, an editor who has the right to create users in the task center can create users that are members of arbitrary user groups, and can thereby possibly elevate their own privileges.

Vulnerable subcomponent #3: Validation/Filtering API

Vulnerability Type: Denial of Service
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Problem Description: Because PHP's filter_var() function crashes when it is passed very large strings, TYPO3 is susceptible to a Denial of Service attack wherever the API function t3lib_div::validEmail() is used.

Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Problem Description: The input normalisation performed by the RemoveXSS function was incomplete, allowing an attacker to bypass the filter and inject arbitrary JavaScript code.

-- 
Kind regards, Christian Welzel
GPG-Key: http://www.camlann.de/de/pgpkey.html
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
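To make the comparison bug behind subcomponent #1 concrete, here is an added PHP example written for this advisory; it is not taken from the TYPO3 source. It models the jumpUrl check as a 10-character shortMD5 digest compared against the submitted juHash parameter; the digest length, the helper names and the way the request is hashed are assumptions. The constructed input "240610708" is used only because its MD5 digest is known to begin with "0e" followed by digits, which PHP treats as a numeric string with the value zero.

```php
<?php
// Added example, not TYPO3 code: models the jumpUrl hash check described in
// the advisory and shows why PHP's loose comparison lets the hash be spoofed.

// t3lib_div::shortMD5() returns the first 10 hex characters of an MD5 digest
// (assumption: re-implemented here for the demonstration).
function short_md5(string $input, int $length = 10): string
{
    return substr(md5($input), 0, $length);
}

// Vulnerable form: `==`. If both operands are numeric strings PHP compares
// them as numbers, so the digest "0e46209743" (read as 0 x 10^46209743 = 0.0)
// compares equal to the submitted string "0".
function check_ju_hash_loose($submitted, string $calculated): bool
{
    return $submitted == $calculated;
}

// Hardened form: cast the request value to string and compare with the
// type-safe, constant-time hash_equals() (PHP >= 5.6). `===` on two strings
// would also close the type-juggling hole.
function check_ju_hash_strict($submitted, string $calculated): bool
{
    return hash_equals($calculated, (string) $submitted);
}

// A calculated digest can be matched by the submitted value "0" under `==`
// exactly when PHP parses it as a numeric string with value zero:
// all zeros, or "0e" followed only by digits.
function digest_spoofable_by_zero(string $digest): bool
{
    return is_numeric($digest) && (float) $digest == 0.0;
}

// Constructed demonstration. md5("240610708") is the well-known "magic hash"
// 0e462097431906509019562988736854, so its 10-character prefix "0e46209743"
// is a numeric string; it stands in for a request whose key-dependent,
// attacker-unknown digest happens to take this form.
$calculated   = short_md5('240610708');
$attackerValue = '0';   // requires no knowledge of the encryption key

$checks = [
    'digest spoofable by "0"'      => digest_spoofable_by_zero($calculated),
    'loose (==) check accepts "0"' => check_ju_hash_loose($attackerValue, $calculated),
    'strict check accepts "0"'     => check_ju_hash_strict($attackerValue, $calculated),
    'loose check, ordinary digest' => check_ju_hash_loose($attackerValue, 'a3f9c1d2e4'),
];

foreach ($checks as $label => $result) {
    printf("%-30s %s\n", $label . ':', $result ? 'true' : 'false');
}

// Fail loudly if the two checks do not disagree on the magic digest, so the
// script doubles as a regression test for the comparison.
if (!check_ju_hash_loose($attackerValue, $calculated)
    || check_ju_hash_strict($attackerValue, $calculated)) {
    throw new RuntimeException('unexpected comparison result');
}
```

Run it with the php command-line interpreter. The loose `==` accepts the submitted "0" because PHP compares two numeric strings numerically, while the `hash_equals()` form rejects it; an ordinary digest such as "a3f9c1d2e4" is not numeric and is not affected even under `==`. Casting to string plus `===` is enough to close the type-juggling hole, but `hash_equals()` additionally avoids the timing side channel of an early-exit string compare, which is why it is the idiomatic choice for comparing any secret-derived value against request input.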

