CVE-2009-0815: Infoleak
First published: Thu Mar 05 2009(Updated: )
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TYPO3 | =4.3-alpha1 | |
| TYPO3 | =3.5.x | |
| TYPO3 | =4.2.4 | |
| TYPO3 | =4.1 | |
| TYPO3 | =4.2 | |
| TYPO3 | =4.2.5 | |
| TYPO3 | =4.1.8 | |
| TYPO3 | =4.1.6 | |
| TYPO3 | =4.2.0 | |
| TYPO3 | =4.2.3 | |
| TYPO3 | =4.1.4 | |
| TYPO3 | =3.7.x | |
| TYPO3 | =4.2.1 | |
| TYPO3 | =4.1.7 | |
| TYPO3 | =4.1.0 | |
| TYPO3 | =4.0 | |
| TYPO3 | =4.1.9 | |
| TYPO3 | =4.2.2 | |
| TYPO3 | =3.8.x | |
| TYPO3 | =3.6.x | |
| TYPO3 | =3.3.x | |
| TYPO3 | =4.1.3 | |
| TYPO3 | =4.1.5 | |
| TYPO3 | =4.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-0815?
CVE-2009-0815 is considered a high severity vulnerability due to its potential to leak sensitive hash information.
How do I fix CVE-2009-0815?
To fix CVE-2009-0815, update TYPO3 to version 4.0.12 or later, 4.1.10 or later, 4.2.6 or later, or ensure you are not using affected versions below these.
What types of TYPO3 versions are affected by CVE-2009-0815?
CVE-2009-0815 affects TYPO3 versions from 3.3.x to 3.8.x and multiple versions of 4.x before their respective patch releases.
What can an attacker do with CVE-2009-0815?
An attacker can exploit CVE-2009-0815 to read arbitrary files on the server by manipulating the hash value in a request.
Is CVE-2009-0815 still relevant today?
Yes, CVE-2009-0815 remains relevant for organizations using outdated versions of TYPO3, as it poses a significant security risk.
- agent/references
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.3-alpha1
- version/typo3 typo3/3.5.x
- version/typo3 typo3/4.2.4
- version/typo3 typo3/4.1
- version/typo3 typo3/4.2
- version/typo3 typo3/4.2.5
- version/typo3 typo3/4.1.8
- version/typo3 typo3/4.1.6
- version/typo3 typo3/4.2.0
- version/typo3 typo3/4.2.3
- version/typo3 typo3/4.1.4
- version/typo3 typo3/3.7.x
- version/typo3 typo3/4.2.1
- version/typo3 typo3/4.1.7
- version/typo3 typo3/4.1.0
- version/typo3 typo3/4.0
- version/typo3 typo3/4.1.9
- version/typo3 typo3/4.2.2
- version/typo3 typo3/3.8.x
- version/typo3 typo3/3.6.x
- version/typo3 typo3/3.3.x
- version/typo3 typo3/4.1.3
- version/typo3 typo3/4.1.5
- version/typo3 typo3/4.1.2