Multiple vulnerabilities in TYPO3



Updated: 2020-08-10

Risk: Medium

Patch available: YES

Number of vulnerabilities: 2

CVE-ID: CVE-2014-3945, CVE-2014-3942

CWE-ID: CWE-287, CWE-94

Exploitation vector: Network

Public exploit: N/A

Vulnerable software: TYPO3 (Web applications / CMS)

Vendor: TYPO3

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Improper Authentication

EUVDB-ID: #VU41580

Risk: Medium

CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-3945

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

TYPO3: 4.0 - 6.1.8

External links

https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
https://www.debian.org/security/2014/dsa-2942
https://www.openwall.com/lists/oss-security/2014/06/03/2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Code Injection

EUVDB-ID: #VU41583

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2014-3942

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

TYPO3: 4.5.0 - 6.1.8

External links

https://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
https://www.debian.org/security/2014/dsa-2942
https://www.openwall.com/lists/oss-security/2014/06/03/2


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
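The version bounds in the two descriptions above can be turned into a branch-aware inventory check. The following is an added example, not part of the original bulletin or of TYPO3; the function names and the sample inventory are constructed for illustration, and a CVE-2014-3945 match is a version match only, since the bulletin ties that issue to salting being disabled.

```python
import re

# Bounds copied from the CVE-2014-3942 description in this bulletin:
# (first affected release in the branch, first fixed release in the branch).
COLOR_PICKER_BRANCHES = [
    ((4, 5, 0), (4, 5, 34)),
    ((4, 7, 0), (4, 7, 19)),
    ((6, 0, 0), (6, 0, 14)),
    ((6, 1, 0), (6, 1, 9)),
]
# The CVE-2014-3945 description says "TYPO3 before 6.2".
AUTH_FIXED_IN = (6, 2, 0)


def parse_version(text):
    """Parse 'X.Y' or 'X.Y.Z' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised TYPO3 version: {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def affected_cves(version_text):
    """Return the sorted CVE ids from this bulletin whose range covers the version."""
    v = parse_version(version_text)
    hits = []
    if v < AUTH_FIXED_IN:
        # Version match only: the salting setting still has to be reviewed.
        hits.append("CVE-2014-3945")
    # A plain "lowest to highest" comparison would misjudge fixed releases
    # such as 4.5.34, so each branch is compared against its own fix.
    for first_affected, first_fixed in COLOR_PICKER_BRANCHES:
        if first_affected <= v < first_fixed:
            hits.append("CVE-2014-3942")
            break
    return sorted(hits)


if __name__ == "__main__":
    # Constructed inventory (hypothetical host names and versions).
    inventory = {"cms-a": "4.5.33", "cms-b": "4.5.34", "cms-c": "6.1.9", "cms-d": "6.2.0"}
    for host, version in inventory.items():
        print(host, version, affected_cves(version) or "no match in this bulletin")
```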


