
Debian 4.0 DSA-1711-1: Critical TYPO3 Remote Execution Threats

January 26, 2009
Several critical vulnerabilities in TYPO3 necessitate immediate updates to safeguard against potential remote execution threats.

Summary

Several remotely exploitable vulnerabilities have been discovered in the
TYPO3 web content management framework. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2009-0255
Chris John Riley discovered that the site-wide TYPO3 encryption key is
generated with an insufficiently random seed, resulting in low entropy,
which makes it easier for attackers to crack this key.

CVE-2009-0256
Marcus Krause discovered that TYPO3 does not invalidate a supplied session
on authentication, which allows an attacker to take over a victim's
session via a session fixation attack.
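The defect behind CVE-2009-0256 and its fix, as an added illustration in Python rather than TYPO3's own PHP code: a login that keeps whatever session id the request arrived with versus one that discards it and issues a fresh id on authentication. The in-memory store and the `fixation_demo` helper are constructed for this example.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (constructed for illustration)."""

    def __init__(self):
        self.sessions = {}  # session id -> session data

    def new_session(self):
        # Fresh, unpredictable id from the OS CSPRNG.
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self.sessions.get(sid)


def login_vulnerable(store, sid, user):
    """Vulnerable pattern: authenticates the user into the session id the
    client supplied, so an id chosen or learned beforehand stays valid."""
    sess = store.get(sid)
    if sess is None:
        sess = {"user": None}
        store.sessions[sid] = sess
    sess["user"] = user
    return sid


def login_hardened(store, sid, user):
    """Hardened pattern: invalidate the supplied session and bind the
    authenticated state to a newly generated id."""
    store.sessions.pop(sid, None)
    new_sid = store.new_session()
    store.sessions[new_sid]["user"] = user
    return new_sid


def fixation_demo(login):
    """Return True if a session id known before authentication still maps
    to the authenticated user afterwards, i.e. fixation is possible."""
    store = SessionStore()
    pre_auth_sid = store.new_session()  # id known before the victim logs in
    login(store, pre_auth_sid, "victim")
    sess = store.get(pre_auth_sid)
    return sess is not None and sess["user"] == "victim"
```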

CVE-2009-0257
Multiple cross-site scripting vulnerabilities allow remote attackers to
inject arbitrary web script or HTML via various arguments and
user-supplied strings used in the indexed search system extension, the
adodb extension test scripts, or the workspace module.

CVE-2009-0258
Mads Olesen discovered a remote command injection vulnerability in
the indexed se...


Severity: critical

Package: typo3-src
CVE ID: CVE-2009-0255 CVE-2009-0256 CVE-2009-0257 CVE-2009-0258
