Package: typo3-src
Severity: critical
Tags: security

Component Type: TYPO3 Core

Affected Versions: 4.4.0 up to 4.4.13, 4.5.0 up to 4.5.13, 4.6.0 up to
4.6.6 and development releases of the 4.7 and 6.0 branch.
Vulnerability Types: Cross-Site Scripting, Information Disclosure,
Insecure Unserialize
Overall Severity: Medium
Release Date: March 28, 2012




Vulnerable subcomponent: Extbase Framework



Affected Versions: Versions 4.4.x and 4.5.x are NOT affected by this
vulnerability.
Vulnerability Type: Insecure Unserialize
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C

Problem Description: Due to a missing signature (HMAC) for a request
argument, an attacker could unserialize arbitrary objects within TYPO3.
To our knowledge it is neither possible to inject code through this
vulnerability, nor are there exploitable objects within the TYPO3 Core.
However, there might be exploitable objects within third party extensions.



Vulnerable subcomponent: TYPO3 Backend



Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:OF/RC:C

Problem Description: Failing to properly HTML-encode user input in
several places, the TYPO3 backend is susceptible to Cross-Site
Scripting. A valid backend user is required to exploit these
vulnerabilities.

IMPORTANT NOTE: With these TYPO3 versions the description field of the
filelink content element is HTML encoded by default. If you allowed
editors to enter HTML code in this field, you may want to add the
following line to your TypoScript template, before updating.

tt_content.uploads.20.itemRendering.20.2.htmlSpecialChars = 0

Allowing HTML in this field is discouraged for editors, same as allowing
the plain HTML content element.



Vulnerable subcomponent: TYPO3 Command Line Interface



Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C

Problem Description: Accessing a CLI Script directly with a browser may
disclose the database name used for the TYPO3 installation.



Vulnerable subcomponent: TYPO3 HTML Sanitizing API



Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C

Problem Description: By not removing non printable characters, the API
method t3lib_div::RemoveXSS() fails to filter specially crafted HTML
injections, thus is susceptible to Cross-Site Scripting.



-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
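
The Extbase issue above comes down to a request argument being unserialized without an integrity check. The following is an added example, not code from TYPO3, Extbase or the advisory, showing the general pattern of verifying an HMAC before unserializing. The function names, the key, the choice of HMAC-SHA256 and the use of PHP 7's allowed_classes option are assumptions made for illustration.

```php
<?php
// Added illustration; not TYPO3 or Extbase source code.
// SECRET stands in for a per-installation key (constructed value).
const SECRET = 'constructed-demo-key-do-not-reuse';

// Append an HMAC-SHA256 tag to a serialized request argument.
function signArgument(string $serialized): string
{
    return $serialized . hash_hmac('sha256', $serialized, SECRET);
}

// Verify the tag first, then unserialize with object instantiation disabled.
function readArgument(string $signed): array
{
    $tagLength = 64; // hex length of a SHA-256 HMAC
    if (strlen($signed) <= $tagLength) {
        throw new InvalidArgumentException('argument too short to carry an HMAC');
    }
    $payload = substr($signed, 0, -$tagLength);
    $tag = substr($signed, -$tagLength);
    $expected = hash_hmac('sha256', $payload, SECRET);
    // hash_equals() compares in constant time.
    if (!hash_equals($expected, $tag)) {
        throw new InvalidArgumentException('HMAC mismatch, argument rejected');
    }
    // Defense in depth: even a correctly signed payload may not create objects.
    $value = unserialize($payload, ['allowed_classes' => false]);
    if (!is_array($value)) {
        throw new InvalidArgumentException('unexpected argument type');
    }
    return $value;
}

// Round trip with an untouched argument (constructed sample data).
$signed = signArgument(serialize(['controller' => 'Blog', 'action' => 'edit']));
var_dump(readArgument($signed));

// Constructed tampered input: payload replaced by a serialized object, old tag kept.
$tampered = serialize(new ArrayObject([1])) . substr($signed, -64);
try {
    readArgument($tampered);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL; // payload never reaches unserialize()
}
```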


