CVE-2012-3529: Infoleak
First published: Wed Sep 05 2012(Updated: )
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms | >=4.7<4.7.4 | 4.7.4 |
| composer/typo3/cms | >=4.6<4.6.12 | 4.6.12 |
| composer/typo3/cms | >=4.5<4.5.19 | 4.5.19 |
| TYPO3 | =4.5 | |
| TYPO3 | =4.5.0 | |
| TYPO3 | =4.5.1 | |
| TYPO3 | =4.5.2 | |
| TYPO3 | =4.5.3 | |
| TYPO3 | =4.5.4 | |
| TYPO3 | =4.5.5 | |
| TYPO3 | =4.5.6 | |
| TYPO3 | =4.5.7 | |
| TYPO3 | =4.5.8 | |
| TYPO3 | =4.5.9 | |
| TYPO3 | =4.5.10 | |
| TYPO3 | =4.5.11 | |
| TYPO3 | =4.5.12 | |
| TYPO3 | =4.5.13 | |
| TYPO3 | =4.5.14 | |
| TYPO3 | =4.5.15 | |
| TYPO3 | =4.5.16 | |
| TYPO3 | =4.5.17 | |
| TYPO3 | =4.5.18 | |
| TYPO3 | =4.6 | |
| TYPO3 | =4.6.0 | |
| TYPO3 | =4.6.1 | |
| TYPO3 | =4.6.2 | |
| TYPO3 | =4.6.3 | |
| TYPO3 | =4.6.4 | |
| TYPO3 | =4.6.5 | |
| TYPO3 | =4.6.6 | |
| TYPO3 | =4.6.7 | |
| TYPO3 | =4.6.8 | |
| TYPO3 | =4.6.9 | |
| TYPO3 | =4.6.10 | |
| TYPO3 | =4.6.11 | |
| TYPO3 | =4.7 | |
| TYPO3 | =4.7.0 | |
| TYPO3 | =4.7.1 | |
| TYPO3 | =4.7.2 | |
| TYPO3 | =4.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2012-3529
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77793
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
- http://www.debian.org/security/2012/dsa-2537
- http://www.openwall.com/lists/oss-security/2012/08/22/8
- https://github.com/advisories/GHSA-7gg8-3r6j-5g55 (Advisory)
- http://osvdb.org/84775
- http://secunia.com/advisories/50287
Frequently Asked Questions
What is the severity of CVE-2012-3529?
The severity of CVE-2012-3529 is considered high due to the risk of exposing sensitive encryption keys to remote authenticated users.
How do I fix CVE-2012-3529?
To fix CVE-2012-3529, update TYPO3 to version 4.5.19, 4.6.12, or 4.7.4 or later.
Which versions of TYPO3 are affected by CVE-2012-3529?
CVE-2012-3529 affects TYPO3 versions 4.5.x prior to 4.5.19, 4.6.x prior to 4.6.12, and 4.7.x prior to 4.7.4.
What type of vulnerability is CVE-2012-3529?
CVE-2012-3529 is a security vulnerability that allows unauthorized exposure of encryption keys.
Can CVE-2012-3529 be exploited remotely?
Yes, CVE-2012-3529 can be exploited by remote authenticated backend users.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/weakness
- agent/description
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-7gg8-3r6j-5g55
- alias/CVE-2012-3529
- agent/software-canonical-lookup
- agent/event
- collector/github-advisory
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.5
- version/typo3 typo3/4.5.0
- version/typo3 typo3/4.5.1
- version/typo3 typo3/4.5.2
- version/typo3 typo3/4.5.3
- version/typo3 typo3/4.5.4
- version/typo3 typo3/4.5.5
- version/typo3 typo3/4.5.6
- version/typo3 typo3/4.5.7
- version/typo3 typo3/4.5.8
- version/typo3 typo3/4.5.9
- version/typo3 typo3/4.5.10
- version/typo3 typo3/4.5.11
- version/typo3 typo3/4.5.12
- version/typo3 typo3/4.5.13
- version/typo3 typo3/4.5.14
- version/typo3 typo3/4.5.15
- version/typo3 typo3/4.5.16
- version/typo3 typo3/4.5.17
- version/typo3 typo3/4.5.18
- version/typo3 typo3/4.6
- version/typo3 typo3/4.6.0
- version/typo3 typo3/4.6.1
- version/typo3 typo3/4.6.2
- version/typo3 typo3/4.6.3
- version/typo3 typo3/4.6.4
- version/typo3 typo3/4.6.5
- version/typo3 typo3/4.6.6
- version/typo3 typo3/4.6.7
- version/typo3 typo3/4.6.8
- version/typo3 typo3/4.6.9
- version/typo3 typo3/4.6.10
- version/typo3 typo3/4.6.11
- version/typo3 typo3/4.7
- version/typo3 typo3/4.7.0
- version/typo3 typo3/4.7.1
- version/typo3 typo3/4.7.2
- version/typo3 typo3/4.7.3