Package: typo3-src Severity: critical Tags: security
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting, Information Disclosure, Insecure Unserialize leading to Arbitrary Code Execution Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.18, 4.6.0 up to 4.6.11, 4.7.0 up to 4.7.3 and development releases of the 6.0 branch. Vulnerability Types: Cross-Site Scripting, Information Disclosure, Insecure Unserialize Overall Severity: Medium Release Date: August 15, 2012 Vulnerable subcomponent: TYPO3 Backend Help System Vulnerability Type: Insecure Unserialize leading to a possible Arbitrary Code Execution Severity: Medium Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:C/A:N/E:P/RL:O/RC:C Problem Description: Due to a missing signature (HMAC) for a parameter in the view_help.php file, an attacker could unserialize arbitrary objects within TYPO3. We are aware of a working exploit, which can lead to arbitrary code execution. A valid backend user login or multiple successful cross site request forgery attacks are required to exploit this vulnerability. Vulnerable subcomponent: TYPO3 Backend Vulnerability Type: Cross-Site Scripting Severity: Medium Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C Problem Description: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities. Vulnerability Type: Information Disclosure Severity: Low Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:O/RC:C Problem Description: Accessing the configuration module discloses the Encryption Key. A valid backend user with access to the configuration module is required to exploit this vulnerability. Vulnerable subcomponent: TYPO3 HTML Sanitizing API Vulnerability Type: Cross-Site Scripting Severity: Medium Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:O/RC:C Problem Description: By not removing several HTML5 JavaScript events, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections, thus is susceptible to Cross-Site Scripting. Failing to properly encode for JavaScript the API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site Scripting. Vulnerable subcomponent: TYPO3 Install Tool Vulnerability Type: Cross-Site Scripting Severity: Low Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C Problem Description: Failing to properly sanitize user input, the Install Tool is susceptible to Cross-Site Scripting. -- MfG, Christian Welzel GPG-Key: http://www.camlann.de/de/pgpkey.html Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
