oss-sec mailing list archives
CVE request: TYPO3-CORE-SA-2012-005
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 10 Nov 2012 21:14:03 +0100
<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/> identifies the following vulnerabilities: | Vulnerable subcomponent: TYPO3 Backend History Module | Vulnerability Type: SQL Injection, Cross-Site Scripting | Problem Description: Due to missing encoding of user input, the | history module is susceptible to SQL Injection and Cross-Site | Scripting. A valid backend login is required to exploit this | vulnerability. | | Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that fix | the problem described! | | Credits: Credits go to Thomas Worm who discovered and reported the | issue. (Probably needs two CVEs, one for SQL injection, one for cross-site scripting.) | Vulnerable subcomponent: TYPO3 Backend History Module | Vulnerability Type: Information Disclosure | Problem Description: Due to a missing access check, regular editors | could see the history view of arbitrary records, only by forging a | proper URL for the History Module. A valid backend login is required | to exploit this vulnerability. | | Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that | fix the problem described! | | Credits: Credits go to Core Team Member Oliver Hader who discovered | and fixed the issue. And: | Vulnerable subcomponent: TYPO3 Backend API | Vulnerability Type: Cross-Site Scripting | Problem Description: Failing to properly HTML-encode user input the | tree render API (TCA-Tree) is susceptible to Cross-Site | Scripting. TYPO3 Versions below 6.0 does not make us of this API, | thus is not exploitable, if no third party extension is installed | which uses this API. A valid backend login is required to exploit | this vulnerability. | | Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that | fix the problem described! | | Credits: Credits go to Johannes Feustel who discovered and reported | the issue. (The version range appears to be different from the cross-site scripting above.) | Vulnerable subcomponent: TYPO3 Backend API | Vulnerability Type: Cross-Site Scripting | Problem Description: Failing to properly encode user input, the | function menu API is susceptible to Cross-Site Scripting. A valid | backend login is required to exploit this vulnerability. | | Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that | fix the problem described! | | Credits: Credits go to Richard Brain who discovered and reported the | issue. (This can perhaps be merged with the first cross-site scripting CVE.)
Current thread:
- CVE request: TYPO3-CORE-SA-2012-005 Florian Weimer (Nov 10)
- Re: CVE request: TYPO3-CORE-SA-2012-005 Kurt Seifried (Nov 10)