Package: typo3-src Severity: critical Tags: security
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Component Type: TYPO3 CMS Overall Severity: Medium Release Date: May 22, 2014 Vulnerability Type: Host Spoofing Affected Versions: Versions 4.5.0 to 4.5.33, 4.7.0 to 4.7.18, 6.0.0 to 6.0.13, 6.1.0 to 6.1.8 and 6.2.0 to 6.2.2 Severity: Medium CVE: not assigned yet Problem Description: Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the client it can be forged to any value, even in a name based virtual hosts environment. A blog post describes this problem in great detail. Vulnerable subcomponent: Color Picker Wizard Vulnerability Type: Insecure Unserialize Affected Versions: Versions 4.5.0 to 4.5.33, 4.7.0 to 4.7.18, 6.0.0 to 6.0.13 and 6.1.0 to 6.1.8 Severity: Low CVE: not assigned yet Problem Description: Failing to validate authenticity of a passed serialized string, the color picker wizard is susceptible to insecure unserialize, allowing authenticated editors to unserialize arbitrary PHP objects. Vulnerable subcomponent: Backend Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 4.5.0 to 4.5.33, 4.7.0 to 4.7.18, 6.0.0 to 6.0.13, 6.1.0 to 6.1.8 and 6.2.0 to 6.2.2 Severity: Low CVE: not assigned yet Problem Description: Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript by crafting URL parameters. Vulnerable subcomponent: ExtJS Vulnerability Type: Cross-Site Scripting Affected Versions: Versions 4.5.0 to 4.5.33, 4.7.0 to 4.7.18, 6.0.0 to 6.0.13, 6.1.0 to 6.1.8 and 6.2.0 to 6.2.2 Severity: Medium CVE: not assigned yet Problem Description: The ExtJS JavaScript framework that is shipped with TYPO3 also delivers a flash file to show charts. This file is susceptible to Cross-Site Scripting. This vulnerability can be exploited without any authentication. Vulnerable subcomponent: Authentication Vulnerability Type: Authentication Bypass Affected Versions: All TYPO3 versions not configured to use salted passwords Severity: medium CVE: not assigned yet Problem Description: When the use of salted password is disabled (which is enabled by default since TYPO3 4.6 and required since TYPO3 6.2) passwords for backend access are stored as md5 hash in the database. This hash (e.g. taken from a successful SQL injection) can be used directly to authenticate backend users without knowing or reverse engineering the password. -- MfG, Christian Welzel GPG-Key: pub 4096R/5117E119 2011-09-19 Fingerprint: 3688 337C 0D3E 3725 94EC E401 8D52 CDE9 5117 E119 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
