Debian DSA-2098-1 : typo3-src - several vulnerabilities

medium Nessus Plugin ID 48925

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in the TYPO3 web content management framework: cross-site Scripting, open redirection, SQL injection, broken authentication and session management, insecure randomness, information disclosure and arbitrary code execution. More details can be found in the Typo3 security advisory.

Solution

Upgrade the typo3-src package.

For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny4.

Plugin Details

Severity: Medium

ID: 48925

File Name: debian_DSA-2098.nasl

Version: 1.14

Type: local

Agent: unix

Family: Debian Local Security Checks

Published: 8/30/2010

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:typo3-src, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/29/2010

Vulnerability Publication Date: 8/29/2010

Reference Information

BID: 42029

DSA: 2098

Detections

Analytics