oss-sec mailing list archives
Re: CVE request: TYPO3-CORE-SA-2012-001
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 29 Mar 2012 19:57:53 -0600
On 03/29/2012 02:44 PM, Florian Weimer wrote:
I may have missed a previous request. If I can count properly, there are four different issues:
You can count properly!
| Vulnerable subcomponent: Extbase Framework | Affected Versions: | Versions 4.4.x and 4.5.x are not affected by this vulnerabilty. | Vulnerability Type: Insecure Unserialize | | Problem Description: Due to a missing signature (HMAC) for a request | argument, an attacker could unserialize arbitrary objects within | TYPO3. | | To our knowledge it is neither possible to inject code through this | vulnerability, nor are there exploitable objects within the TYPO3 | Core. However, there might be exploitable objects within third party | extensions.
Please use CVE-2012-1605 for this issue.
| Vulnerable subcomponent: TYPO3 Backend | Vulnerability Type: Cross-Site Scripting | | Problem Description: Failing to properly HTML-encode user input in | several places, the TYPO3 backend is susceptible to Cross-Site | Scripting. A valid backend user is required to exploit these | vulnerabilities.
Please use CVE-2012-1606 for this issue.
| Vulnerable subcomponent: TYPO3 Command Line Interface | Vulnerability Type: Information Disclosure | | Problem Description: Accessing a CLI Script directly with a browser | may disclose the database name used for the TYPO3 installation.
Please use CVE-2012-1607 for this issue.
| Vulnerable subcomponent: TYPO3 HTML Sanitizing API | Vulnerability Type: Cross-Site Scripting | | Problem Description: By not removing non printable characters, the API | method t3lib_div::RemoveXSS() fails to filter specially crafted HTML | injections, thus is susceptible to Cross-Site Scripting.
Please use CVE-2012-1608 for this issue.
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/>
-- Kurt Seifried Red Hat Security Response Team (SRT)
Current thread:
- CVE request: TYPO3-CORE-SA-2012-001 Florian Weimer (Mar 29)
- Re: CVE request: TYPO3-CORE-SA-2012-001 Kurt Seifried (Mar 29)