Debian DSA-2098-1 : typo3-src - several vulnerabilities

medium Nessus Plugin ID 48925

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the TYPO3 security advisory.

Solution

Upgrade the typo3-src package.

For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny4.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719

http://www.nessus.org/u?a600eefc

https://www.debian.org/security/2010/dsa-2098

Plugin Details

Severity: Medium

ID: 48925

File Name: debian_DSA-2098.nasl

Version: 1.14

Type: local

Agent: unix

Published: 8/30/2010

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:typo3-src, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/29/2010

Vulnerability Publication Date: 8/29/2010

Reference Information

BID: 42029

DSA: 2098