SB2019110115 - Multiple vulnerabilities in TYPO3
Published: November 1, 2019 Updated: July 17, 2020
Description
This security bulletin contains information about 15 security vulnerabilities.
1) Inadequate Encryption Strength (CVE-ID: CVE-2010-3670)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness during generation of a hash with the "forgot password" function.
2) Session Fixation (CVE-ID: CVE-2010-3671)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.
3) Cross-site scripting (CVE-ID: CVE-2010-3672)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
4) Information disclosure (CVE-ID: CVE-2010-3673)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows information disclosure in the mail header of the HTML mailing API.
5) Cross-site scripting (CVE-ID: CVE-2010-3674)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
6) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2010-3668)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Header Injection in the secure download feature jumpurl.
7) Cross-site scripting (CVE-ID: CVE-2010-3669)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
8) SQL injection (CVE-ID: CVE-2010-3662)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data on the backend in TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
9) Arbitrary file upload (CVE-ID: CVE-2010-3663)
The vulnerability allows a remote authenticated user to execute arbitrary code.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
10) Information disclosure (CVE-ID: CVE-2010-3664)
The vulnerability allows a remote authenticated user to gain access to sensitive information.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
11) Cross-site scripting (CVE-ID: CVE-2010-3665)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
12) Use of insufficiently random values (CVE-ID: CVE-2010-3666)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains insecure randomness in the uniqid function.
13) Input validation error (CVE-ID: CVE-2010-3667)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.
14) Cross-site scripting (CVE-ID: CVE-2010-3660)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
15) Open redirect (CVE-ID: CVE-2010-3661)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
Remediation
Install the update from the vendor's website.
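To decide whether a given installation needs the update, the version ranges stated in this bulletin can be checked mechanically. The helper below is an added example, not part of the original bulletin or of TYPO3; the names FIXED, is_affected and affected_cves are hypothetical, it assumes three-part version strings, and it omits the five cross-site scripting entries because the bulletin gives no version range for them.

```python
# Added triage helper: fixed versions transcribed from the bulletin text.
# The first entry means "everything before X"; later entries mean
# "branch M.m.x before M.m.p".
A = ("4.1.14", "4.2.13", "4.3.4", "4.4.1")
B = ("4.3.4", "4.4.1")             # wording used for CVE-2010-3670
C = ("4.2.13", "4.3.4", "4.4.1")   # wording used for CVE-2010-3673

FIXED = {
    "CVE-2010-3670": B, "CVE-2010-3673": C,
    "CVE-2010-3671": A, "CVE-2010-3668": A, "CVE-2010-3662": A,
    "CVE-2010-3663": A, "CVE-2010-3664": A, "CVE-2010-3666": A,
    "CVE-2010-3667": A, "CVE-2010-3661": A,
}


def parse(version):
    """Turn 'M.m.p' into a comparable tuple; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected M.m.p, got {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(version, fixed):
    """Apply a 'before X, M.m.x before Y, ...' range literally."""
    v = parse(version)
    bounds = sorted(parse(f) for f in fixed)
    if v < bounds[0]:              # older than the lowest fixed release
        return True
    # Otherwise affected only on a listed branch, below that branch's fix.
    return any(v[:2] == b[:2] and v < b for b in bounds[1:])


def affected_cves(version):
    """CVE IDs from this bulletin whose stated range covers the version."""
    return sorted(c for c, f in FIXED.items() if is_affected(version, f))


if __name__ == "__main__":
    for installed in ("4.2.13", "4.4.0", "4.4.1"):
        print(installed, affected_cves(installed))
```

The helper applies the bulletin's wording literally, so 4.1.14 and 4.2.13 are still reported for the entries whose stated range begins at a later release.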
References
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
- https://security-tracker.debian.org/tracker/CVE-2010-3670
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Insecure_Randomness
- https://security-tracker.debian.org/tracker/CVE-2010-3671
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management
- https://security-tracker.debian.org/tracker/CVE-2010-3672
- https://typo3.org/security/advisory/typo3-sa-2010-012/#XSS
- https://security-tracker.debian.org/tracker/CVE-2010-3673
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Information_Disclosure
- https://security-tracker.debian.org/tracker/CVE-2010-3674
- https://security-tracker.debian.org/tracker/CVE-2010-3668
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Header_Injection
- https://security-tracker.debian.org/tracker/CVE-2010-3669
- https://security-tracker.debian.org/tracker/CVE-2010-3662
- https://typo3.org/security/advisory/typo3-sa-2010-012/#SQL_Injection
- https://security-tracker.debian.org/tracker/CVE-2010-3663
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution
- https://security-tracker.debian.org/tracker/CVE-2010-3664
- https://security-tracker.debian.org/tracker/CVE-2010-3665
- https://security-tracker.debian.org/tracker/CVE-2010-3666
- https://security-tracker.debian.org/tracker/CVE-2010-3667
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Spam_Abuse
- https://security-tracker.debian.org/tracker/CVE-2010-3660
- https://security-tracker.debian.org/tracker/CVE-2010-3661
- https://typo3.org/security/advisory/typo3-sa-2010-012/#Open_Redirection