CVE-2009-3628: Infoleak

First published: Mon Nov 02 2009(Updated: )

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Typo3 Typo3	=4.3-alpha1
Typo3 Typo3	=1.1
Typo3 Typo3	=4.1.11
Typo3 Typo3	=4.1.1
Typo3 Typo3	=4.1.0-beta1
Typo3 Typo3	=3.5.x
Typo3 Typo3	=4.2.4
Typo3 Typo3	=4.2.5
Typo3 Typo3	=4.1.8
Typo3 Typo3	=4.1.6
Typo3 Typo3	=0.1.2
Typo3 Typo3	=4.0.10
Typo3 Typo3	=4.2.0
Typo3 Typo3	=4.0.5
Typo3 Typo3	=4.2.8
Typo3 Typo3	=4.1.12
Typo3 Typo3	=4.0.3
Typo3 Typo3	=4.2.3
Typo3 Typo3	=1.3.0
Typo3 Typo3	=3.7.1
Typo3 Typo3	=4.1.4
Typo3 Typo3	=3.7.x
Typo3 Typo3	=1.2.0
Typo3 Typo3	=4.0.4
Typo3 Typo3	=4.2.1
Typo3 Typo3	=4.0.1
Typo3 Typo3	=4.3
Typo3 Typo3	=4.1.7
Typo3 Typo3	=4.1.0
Typo3 Typo3	=1.1.1
Typo3 Typo3	=4.1.0-rc1
Typo3 Typo3	<=4.0.12
Typo3 Typo3	=4.0.2
Typo3 Typo3	=3.5
Typo3 Typo3	=4.2.6
Typo3 Typo3	=4.0.7
Typo3 Typo3	=4.0
Typo3 Typo3	=4.1.9
Typo3 Typo3	=1.1.09
Typo3 Typo3	=4.2.2
Typo3 Typo3	=3.8.x
Typo3 Typo3	=4.0.8
Typo3 Typo3	=3.6.x
Typo3 Typo3	=1.3.2
Typo3 Typo3	=3.0
Typo3 Typo3	=3.7.0
Typo3 Typo3	=3.3.x
Typo3 Typo3	=4.1.3
Typo3 Typo3	=1.1.10
Typo3 Typo3	=4.2.7
Typo3 Typo3	=4.0.6
Typo3 Typo3	=4.0.9
Typo3 Typo3	=1.0.14
Typo3 Typo3	=4.1.5
Typo3 Typo3	=3.8
Typo3 Typo3	=4.1.10
Typo3 Typo3	=4.1.2
Typo3 Typo3	=4.2.9
Typo3 Typo3	=4.0.11
composer/typo3/cms-backend	>=4.3alpha1<4.3beta2	4.3beta2
composer/typo3/cms-backend	>=4.2.0<4.2.10	4.2.10
composer/typo3/cms-backend	>=4.1.0<4.1.13	4.1.13
composer/typo3/cms-backend	<=4.0.13

Remedy

http://www.securityfocus.com/bid/36801

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/type
agent/first-publish-date
collector/github-advisory-latest
source/GitHub
alias/GHSA-2wgg-c8xc-7gg3
alias/CVE-2009-3628
agent/software-canonical-lookup
collector/nvd-cve
source/NVD
agent/weakness
agent/last-modified-date
agent/author
agent/remedy
agent/severity
agent/references
agent/softwarecombine
agent/description
agent/event
collector/github-advisory
agent/tags
collector/mitre-cve
source/MITRE
vendor/typo3
canonical/typo3 typo3
version/typo3 typo3/4.3-alpha1
version/typo3 typo3/1.1
version/typo3 typo3/4.1.11
version/typo3 typo3/4.1.1
version/typo3 typo3/4.1.0-beta1
version/typo3 typo3/3.5.x
version/typo3 typo3/4.2.4
version/typo3 typo3/4.2.5
version/typo3 typo3/4.1.8
version/typo3 typo3/4.1.6
version/typo3 typo3/0.1.2
version/typo3 typo3/4.0.10
version/typo3 typo3/4.2.0
version/typo3 typo3/4.0.5
version/typo3 typo3/4.2.8
version/typo3 typo3/4.1.12
version/typo3 typo3/4.0.3
version/typo3 typo3/4.2.3
version/typo3 typo3/1.3.0
version/typo3 typo3/3.7.1
version/typo3 typo3/4.1.4
version/typo3 typo3/3.7.x
version/typo3 typo3/1.2.0
version/typo3 typo3/4.0.4
version/typo3 typo3/4.2.1
version/typo3 typo3/4.0.1
version/typo3 typo3/4.3
version/typo3 typo3/4.1.7
version/typo3 typo3/4.1.0
version/typo3 typo3/1.1.1
version/typo3 typo3/4.1.0-rc1
version/typo3 typo3/4.0.12
version/typo3 typo3/4.0.2
version/typo3 typo3/3.5
version/typo3 typo3/4.2.6
version/typo3 typo3/4.0.7
version/typo3 typo3/4.0
version/typo3 typo3/4.1.9
version/typo3 typo3/1.1.09
version/typo3 typo3/4.2.2
version/typo3 typo3/3.8.x
version/typo3 typo3/4.0.8
version/typo3 typo3/3.6.x
version/typo3 typo3/1.3.2
version/typo3 typo3/3.0
version/typo3 typo3/3.7.0
version/typo3 typo3/3.3.x
version/typo3 typo3/4.1.3
version/typo3 typo3/1.1.10
version/typo3 typo3/4.2.7
version/typo3 typo3/4.0.6
version/typo3 typo3/4.0.9
version/typo3 typo3/1.0.14
version/typo3 typo3/4.1.5
version/typo3 typo3/3.8
version/typo3 typo3/4.1.10
version/typo3 typo3/4.1.2
version/typo3 typo3/4.2.9
version/typo3 typo3/4.0.11
package-manager/composer

CVE-2009-3628: Infoleak

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact