CVE-2009-0815

Опубликовано: 05 мар. 2009

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*

EPSS

Процентиль: 98%

0.498

Средний

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2009-0815

debian

почти 17 лет назад

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8 ...

GHSA-c22j-84c7-cm77

github

почти 4 года назад

TYPO3 leaks a hash secret in an error message