Описание
TYPO3 Improper Session Invalidation
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2014-3944
- https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3944.yaml
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001
- http://www.debian.org/security/2014/dsa-2942
- http://www.openwall.com/lists/oss-security/2014/06/03/2
Пакеты
Наименование
typo3/cms
composer
Затронутые версииВерсия исправления
>= 6.2.0, < 6.2.3
6.2.3
Связанные уязвимости
ubuntu
больше 11 лет назад
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
nvd
больше 11 лет назад
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
debian
больше 11 лет назад
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not prop ...