SB2016072001 - Multiple vulnerabilities in TYPO3
Published: July 20, 2016
Security Bulletin ID
SB2016072001
Severity
Medium
Patch available
YES
Number of vulnerabilities
7
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 7 secuirty vulnerabilities.
1) Cross-site scripting in third party library mso/idna-convert (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.The vulnerability exists in TYPO3 CMS. TYPO3 ships example code from mso/idna-convert library in the vendor folder, which is vulnerable to Cross-Site Scripting.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Environment variable injection in TYPO3 (CVE-ID: CVE-2016-5385)
The vulnerability allows a remote attacker to redirect an application's outbound HTTP traffic.The vulnerability exists in TYPO3 CMS. A remote attacker can redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request.
Successful exploitation of this vulnerability may result in XSS attack and data injection.
3) Cross-site scripting vulnerability in typolinks (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.The vulnerability exists in all link fields within the TYPO3 installation. A remote attacker can insert data commands by using the url scheme "data:" and conduct cross-site scripting attacks.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Insecure unserialize in TYPO3 Import/Export (CVE-ID: N/A)
The vulnerability allows a remote attacker to modify data on the target system.The vulnerability exists in TYPO3. A remote authenticated user with a valid backend account can modify data on the target system by exploiting a deserialization flaw in the Import/Export component.
Successful exploitation of this vulnerability may result in modification of system information.
5) Information disclosure in TYPO3 backend (CVE-ID: N/A)
The vulnerability allows a remote attacker to receive valid backend usernames.The vulnerability exists in the TYPO3 backend module. A remote user can receive valid backend usernames by guessing the file path to the cache files.
Successful exploitation of this vulnerability may result in disclosure of system information.
6) SQL injection in TYPO3 frontend login (CVE-ID: N/A)
The vulnerability allows a remote attacker to inject SQL commands.The vulnerability exists due to improper validation of user-supplied input. A remote authenticated user can execute SQL commands on the underlying database by supplying a specially crafted parameter value.
Successful exploitation of this vulnerability may result in SQL commands execution.
7) Cross-site scripting in TYPO3 backend (CVE-ID: N/A)
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.The vulnerability exists due to improper filtering HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the TYPO3 software. As a result, the code will be able to access the target user's cookies, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Remediation
Install update from vendor's website.
References
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016/
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/