CVE-2009-0255
First published: Thu Jan 22 2009(Updated: )
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TYPO3 | =4.1.1 | |
| TYPO3 | =4.1.0-beta1 | |
| TYPO3 | =4.1.6 | |
| TYPO3 | =4.2.0 | |
| TYPO3 | =4.0.5 | |
| TYPO3 | =4.0.3 | |
| TYPO3 | =4.2.3 | |
| TYPO3 | =4.1.4 | |
| TYPO3 | =4.0.4 | |
| TYPO3 | =4.2.1 | |
| TYPO3 | =4.0.1 | |
| TYPO3 | =4.1.7 | |
| TYPO3 | =4.1.0 | |
| TYPO3 | =4.1.0-rc1 | |
| TYPO3 | =4.0.2 | |
| TYPO3 | =4.0.7 | |
| TYPO3 | =4.0 | |
| TYPO3 | =4.2.2 | |
| TYPO3 | =4.0.8 | |
| TYPO3 | =4.1.3 | |
| TYPO3 | =4.0.6 | |
| TYPO3 | =4.0.9 | |
| TYPO3 | =4.1.5 | |
| TYPO3 | =4.1.2 | |
| TYPO3 | >=4.0<4.0.10 | |
| TYPO3 | >=4.1.0<4.1.8 | |
| TYPO3 | >=4.2.0<4.2.4 | |
| Debian GNU/Linux | =4.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-0255?
CVE-2009-0255 has a severity rating that indicates it poses a significant risk due to its potential exploitation.
How do I fix CVE-2009-0255?
To fix CVE-2009-0255, you should upgrade TYPO3 to version 4.2.4 or later, which addresses this vulnerability.
What versions of TYPO3 are affected by CVE-2009-0255?
CVE-2009-0255 affects TYPO3 versions 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3.
What is the impact of CVE-2009-0255?
The impact of CVE-2009-0255 could allow attackers to potentially crack the encryption key due to an insufficiently random seed.
Are there any workarounds for CVE-2009-0255?
There are no specific workarounds for CVE-2009-0255, and upgrading the software is the recommended action.
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/source
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/typo3
- canonical/typo3
- version/typo3/4.1.1
- version/typo3/4.1.0-beta1
- version/typo3/4.1.6
- version/typo3/4.2.0
- version/typo3/4.0.5
- version/typo3/4.0.3
- version/typo3/4.2.3
- version/typo3/4.1.4
- version/typo3/4.0.4
- version/typo3/4.2.1
- version/typo3/4.0.1
- version/typo3/4.1.7
- version/typo3/4.1.0
- version/typo3/4.1.0-rc1
- version/typo3/4.0.2
- version/typo3/4.0.7
- version/typo3/4.0
- version/typo3/4.2.2
- version/typo3/4.0.8
- version/typo3/4.1.3
- version/typo3/4.0.6
- version/typo3/4.0.9
- version/typo3/4.1.5
- version/typo3/4.1.2
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/4.0