CVE-2009-3635

First published: Mon Nov 02 2009(Updated: )

The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Typo3 Typo3	=4.3-alpha1
Typo3 Typo3	=1.1
Typo3 Typo3	=4.1.11
Typo3 Typo3	=4.1.1
Typo3 Typo3	=4.1.0-beta1
Typo3 Typo3	=3.5.x
Typo3 Typo3	=4.2.4
Typo3 Typo3	=4.2.5
Typo3 Typo3	=4.1.8
Typo3 Typo3	=4.1.6
Typo3 Typo3	=0.1.2
Typo3 Typo3	=4.0.10
Typo3 Typo3	=4.2.0
Typo3 Typo3	=4.0.5
Typo3 Typo3	=4.2.8
Typo3 Typo3	=4.1.12
Typo3 Typo3	=4.0.3
Typo3 Typo3	=4.2.3
Typo3 Typo3	=1.3.0
Typo3 Typo3	=3.7.1
Typo3 Typo3	=4.1.4
Typo3 Typo3	=3.7.x
Typo3 Typo3	=1.2.0
Typo3 Typo3	=4.0.4
Typo3 Typo3	=4.2.1
Typo3 Typo3	=4.0.1
Typo3 Typo3	=4.3
Typo3 Typo3	=4.1.7
Typo3 Typo3	=4.1.0
Typo3 Typo3	=1.1.1
Typo3 Typo3	=4.1.0-rc1
Typo3 Typo3	<=4.0.12
Typo3 Typo3	=4.0.2
Typo3 Typo3	=3.5
Typo3 Typo3	=4.2.6
Typo3 Typo3	=4.0.7
Typo3 Typo3	=4.0
Typo3 Typo3	=4.1.9
Typo3 Typo3	=1.1.09
Typo3 Typo3	=4.2.2
Typo3 Typo3	=3.8.x
Typo3 Typo3	=4.0.8
Typo3 Typo3	=3.6.x
Typo3 Typo3	=1.3.2
Typo3 Typo3	=3.0
Typo3 Typo3	=3.7.0
Typo3 Typo3	=3.3.x
Typo3 Typo3	=4.1.3
Typo3 Typo3	=1.1.10
Typo3 Typo3	=4.2.7
Typo3 Typo3	=4.0.6
Typo3 Typo3	=4.0.9
Typo3 Typo3	=1.0.14
Typo3 Typo3	=4.1.5
Typo3 Typo3	=3.8
Typo3 Typo3	=4.1.10
Typo3 Typo3	=4.1.2
Typo3 Typo3	=4.2.9
Typo3 Typo3	=4.0.11

Remedy

http://www.securityfocus.com/bid/36801

Remedy

http://www.vupen.com/english/advisories/2009/3009

Never miss a vulnerability like this again

Reference Links

collector/nvd-historical
collector/nvd-index
agent/severity
agent/author
agent/type
agent/event
agent/weakness
agent/references
agent/description
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/remedy
agent/tags
collector/mitre-cve
source/MITRE
vendor/typo3
canonical/typo3 typo3
version/typo3 typo3/4.3-alpha1
version/typo3 typo3/1.1
version/typo3 typo3/4.1.11
version/typo3 typo3/4.1.1
version/typo3 typo3/4.1.0-beta1
version/typo3 typo3/3.5.x
version/typo3 typo3/4.2.4
version/typo3 typo3/4.2.5
version/typo3 typo3/4.1.8
version/typo3 typo3/4.1.6
version/typo3 typo3/0.1.2
version/typo3 typo3/4.0.10
version/typo3 typo3/4.2.0
version/typo3 typo3/4.0.5
version/typo3 typo3/4.2.8
version/typo3 typo3/4.1.12
version/typo3 typo3/4.0.3
version/typo3 typo3/4.2.3
version/typo3 typo3/1.3.0
version/typo3 typo3/3.7.1
version/typo3 typo3/4.1.4
version/typo3 typo3/3.7.x
version/typo3 typo3/1.2.0
version/typo3 typo3/4.0.4
version/typo3 typo3/4.2.1
version/typo3 typo3/4.0.1
version/typo3 typo3/4.3
version/typo3 typo3/4.1.7
version/typo3 typo3/4.1.0
version/typo3 typo3/1.1.1
version/typo3 typo3/4.1.0-rc1
version/typo3 typo3/4.0.12
version/typo3 typo3/4.0.2
version/typo3 typo3/3.5
version/typo3 typo3/4.2.6
version/typo3 typo3/4.0.7
version/typo3 typo3/4.0
version/typo3 typo3/4.1.9
version/typo3 typo3/1.1.09
version/typo3 typo3/4.2.2
version/typo3 typo3/3.8.x
version/typo3 typo3/4.0.8
version/typo3 typo3/3.6.x
version/typo3 typo3/1.3.2
version/typo3 typo3/3.0
version/typo3 typo3/3.7.0
version/typo3 typo3/3.3.x
version/typo3 typo3/4.1.3
version/typo3 typo3/1.1.10
version/typo3 typo3/4.2.7
version/typo3 typo3/4.0.6
version/typo3 typo3/4.0.9
version/typo3 typo3/1.0.14
version/typo3 typo3/4.1.5
version/typo3 typo3/3.8
version/typo3 typo3/4.1.10
version/typo3 typo3/4.1.2
version/typo3 typo3/4.2.9
version/typo3 typo3/4.0.11

CVE-2009-3635

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact