CVE-2013-7400

Опубликовано: 29 дек. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.

Ссылки

http://www.openwall.com/lists/oss-security/2014/09/11/4
Issue Tracking
Mailing List
https://extensions.typo3.org/extension/direct_mail/
Product
Release Notes
Vendor Advisory
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/
Vendor Advisory
http://www.openwall.com/lists/oss-security/2014/09/11/4
Issue Tracking
Mailing List
https://extensions.typo3.org/extension/direct_mail/
Product
Release Notes
Vendor Advisory
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-014/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dkd:direct_mail:*:*:*:*:*:typo3:*:*

Версия до 3.1.2 (исключая)

EPSS

Процентиль: 63%

0.00449

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-4mh5-jj5w-3f9q