CVE-2009-3630
First published: Mon Nov 02 2009(Updated: )
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms-backend | >=4.3alpha1<4.3beta2 | 4.3beta2 |
| composer/typo3/cms-backend | >=4.2.0<4.2.10 | 4.2.10 |
| composer/typo3/cms-backend | >=4.1.0<4.1.13 | 4.1.13 |
| composer/typo3/cms-backend | <=4.0.13 | |
| TYPO3 | <=4.0.12 | |
| TYPO3 | =0.1.2 | |
| TYPO3 | =1.0.14 | |
| TYPO3 | =1.1 | |
| TYPO3 | =1.1.1 | |
| TYPO3 | =1.1.09 | |
| TYPO3 | =1.1.10 | |
| TYPO3 | =1.2.0 | |
| TYPO3 | =1.3.0 | |
| TYPO3 | =1.3.2 | |
| TYPO3 | =3.0 | |
| TYPO3 | =3.3.x | |
| TYPO3 | =3.5 | |
| TYPO3 | =3.5.x | |
| TYPO3 | =3.6.x | |
| TYPO3 | =3.7.0 | |
| TYPO3 | =3.7.1 | |
| TYPO3 | =3.7.x | |
| TYPO3 | =3.8 | |
| TYPO3 | =3.8.x | |
| TYPO3 | =4.0 | |
| TYPO3 | =4.0.1 | |
| TYPO3 | =4.0.2 | |
| TYPO3 | =4.0.3 | |
| TYPO3 | =4.0.4 | |
| TYPO3 | =4.0.5 | |
| TYPO3 | =4.0.6 | |
| TYPO3 | =4.0.7 | |
| TYPO3 | =4.0.8 | |
| TYPO3 | =4.0.9 | |
| TYPO3 | =4.0.10 | |
| TYPO3 | =4.0.11 | |
| TYPO3 | =4.1.0 | |
| TYPO3 | =4.1.0-beta1 | |
| TYPO3 | =4.1.0-rc1 | |
| TYPO3 | =4.1.1 | |
| TYPO3 | =4.1.2 | |
| TYPO3 | =4.1.3 | |
| TYPO3 | =4.1.4 | |
| TYPO3 | =4.1.5 | |
| TYPO3 | =4.1.6 | |
| TYPO3 | =4.1.7 | |
| TYPO3 | =4.1.8 | |
| TYPO3 | =4.1.9 | |
| TYPO3 | =4.1.10 | |
| TYPO3 | =4.1.11 | |
| TYPO3 | =4.1.12 | |
| TYPO3 | =4.2.0 | |
| TYPO3 | =4.2.1 | |
| TYPO3 | =4.2.2 | |
| TYPO3 | =4.2.3 | |
| TYPO3 | =4.2.4 | |
| TYPO3 | =4.2.5 | |
| TYPO3 | =4.2.6 | |
| TYPO3 | =4.2.7 | |
| TYPO3 | =4.2.8 | |
| TYPO3 | =4.2.9 | |
| TYPO3 | =4.3 | |
| TYPO3 | =4.3-alpha1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/36801
- http://secunia.com/advisories/37122
- http://www.vupen.com/english/advisories/2009/3009
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
- http://marc.info/?l=oss-security&m=125632856206736&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53920
- https://nvd.nist.gov/vuln/detail/CVE-2009-3630
- https://web.archive.org/web/20101223093042/http://www.securityfocus.com/bid/36801
- https://github.com/advisories/GHSA-mg66-3x8x-r8g2 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2009-3630?
CVE-2009-3630 is classified as a vulnerability that allows remote authenticated users to perform frame hijacking within the TYPO3 backend.
How do I fix CVE-2009-3630?
To fix CVE-2009-3630, update TYPO3 to version 4.3beta2 or later, 4.2.10, or 4.1.13.
Which versions of TYPO3 are affected by CVE-2009-3630?
CVE-2009-3630 affects TYPO3 versions up to and including 4.3beta1, as well as versions 4.0.13 and earlier.
Can CVE-2009-3630 be exploited by unauthenticated users?
No, CVE-2009-3630 requires authentication, thus only remote authenticated users can exploit this vulnerability.
What type of attack does CVE-2009-3630 facilitate?
CVE-2009-3630 facilitates a frame hijacking attack by allowing malicious framed content to be displayed within the TYPO3 backend.
- agent/type
- agent/remedy
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-mg66-3x8x-r8g2
- alias/CVE-2009-3630
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.0.12
- version/typo3 typo3/0.1.2
- version/typo3 typo3/1.0.14
- version/typo3 typo3/1.1
- version/typo3 typo3/1.1.1
- version/typo3 typo3/1.1.09
- version/typo3 typo3/1.1.10
- version/typo3 typo3/1.2.0
- version/typo3 typo3/1.3.0
- version/typo3 typo3/1.3.2
- version/typo3 typo3/3.0
- version/typo3 typo3/3.3.x
- version/typo3 typo3/3.5
- version/typo3 typo3/3.5.x
- version/typo3 typo3/3.6.x
- version/typo3 typo3/3.7.0
- version/typo3 typo3/3.7.1
- version/typo3 typo3/3.7.x
- version/typo3 typo3/3.8
- version/typo3 typo3/3.8.x
- version/typo3 typo3/4.0
- version/typo3 typo3/4.0.1
- version/typo3 typo3/4.0.2
- version/typo3 typo3/4.0.3
- version/typo3 typo3/4.0.4
- version/typo3 typo3/4.0.5
- version/typo3 typo3/4.0.6
- version/typo3 typo3/4.0.7
- version/typo3 typo3/4.0.8
- version/typo3 typo3/4.0.9
- version/typo3 typo3/4.0.10
- version/typo3 typo3/4.0.11
- version/typo3 typo3/4.1.0
- version/typo3 typo3/4.1.0-beta1
- version/typo3 typo3/4.1.0-rc1
- version/typo3 typo3/4.1.1
- version/typo3 typo3/4.1.2
- version/typo3 typo3/4.1.3
- version/typo3 typo3/4.1.4
- version/typo3 typo3/4.1.5
- version/typo3 typo3/4.1.6
- version/typo3 typo3/4.1.7
- version/typo3 typo3/4.1.8
- version/typo3 typo3/4.1.9
- version/typo3 typo3/4.1.10
- version/typo3 typo3/4.1.11
- version/typo3 typo3/4.1.12
- version/typo3 typo3/4.2.0
- version/typo3 typo3/4.2.1
- version/typo3 typo3/4.2.2
- version/typo3 typo3/4.2.3
- version/typo3 typo3/4.2.4
- version/typo3 typo3/4.2.5
- version/typo3 typo3/4.2.6
- version/typo3 typo3/4.2.7
- version/typo3 typo3/4.2.8
- version/typo3 typo3/4.2.9
- version/typo3 typo3/4.3
- version/typo3 typo3/4.3-alpha1