
exploitDog


CVE-2012-1605

Published: 04 Sep 2012
Source: nvd
CVSS2: 5
EPSS: Low

Description

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*

EPSS

Percentile: 76%
0.0094
Low

5 Medium

CVSS2

Weaknesses

NVD-CWE-Other

Related vulnerabilities

ubuntu
more than 13 years ago

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument." To our knowledge it is neither possible to inject code through this vulnerability, nor are there exploitable objects within the TYPO3 Core. However, there might be exploitable objects within third party extensions.

debian
more than 13 years ago

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unser ...

github
more than 3 years ago

Typo3 Extbase Framework Unsafe Deserialization
