This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
Summary | |
---|---|
CPE Name | cpe:/a:typo3:typo3:4.4.2 |
Detail | | | |
---|---|---|---|
Vendor | typo3 | First view | 2010-10-25 |
Product | typo3 | Last view | 2017-02-11 |
Version | 4.4.2 | Type | Application |
Edition | | | |
Language | | | |
Update | | | |
CPE Product | cpe:/a:typo3:typo3 |
Related : CVE
Score | Date | Alert | Access Vector | Access Complexity | Authentication |
---|---|---|---|---|---|
4.3 | 2017-02-11 | CVE-2017-5963 | Network | Medium | None Requ... |
6.8 | 2017-01-23 | CVE-2016-5091 | Network | Medium | None Requ... |
3.5 | 2015-09-16 | CVE-2015-5956 | Network | Medium | Requires ... |
2.6 | 2015-02-23 | CVE-2015-2047 | Network | High | None Requ... |
4 | 2014-06-03 | CVE-2014-3945 | Network | High | None Requ... |
5 | 2012-09-04 | CVE-2012-1608 | Network | Low | None Requ... | |
5 | 2012-09-04 | CVE-2012-1607 | Network | Low | None Requ... | |
3.5 | 2012-09-04 | CVE-2012-1606 | Network | Medium | Requires ... | |
4.3 | 2012-08-27 | CVE-2012-2112 | Network | Medium | None Requ... | |
6.8 | 2012-05-30 | CVE-2010-5099 | Network | Medium | None Requ... | |
4.3 | 2012-05-21 | CVE-2010-5104 | Network | Medium | None Requ... | |
6 | 2012-05-21 | CVE-2010-5103 | Network | Medium | Requires ... | |
5 | 2012-05-21 | CVE-2010-5102 | Network | Low | None Requ... | |
4 | 2012-05-21 | CVE-2010-5101 | Network | Low | Requires ... | |
3.5 | 2012-05-21 | CVE-2010-5100 | Network | Medium | Requires ... | |
3.5 | 2012-05-21 | CVE-2010-5098 | Network | Medium | Requires ... | |
2.6 | 2012-05-21 | CVE-2010-5097 | Network | High | None Requ... | |
4.9 | 2010-10-25 | CVE-2010-4068 | Network | Medium | Requires ... | |
5 | 2010-10-25 | CVE-2010-3717 | Network | Low | None Requ... | |
4.3 | 2010-10-25 | CVE-2010-3715 | Network | Medium | None Requ... | |
7.1 | 2010-10-25 | CVE-2010-3714 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
38% (8) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
14% (3) | CWE-20 | Improper Input Validation |
9% (2) | CWE-287 | Improper Authentication |
9% (2) | CWE-264 | Permissions, Privileges, and Access Controls |
9% (2) | CWE-200 | Information Exposure |
9% (2) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
4% (1) | CWE-254 | Security Features |
4% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:19260 | DSA-2455-1 typo3-src - cross site scripting |
oval:org.mitre.oval:def:20092 | DSA-2445-1 typo3-src - several |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
69219 | TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo... |
69218 | TYPO3 Extension Manager Unspecified Arbitrary File Access |
68593 | TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary... |
68591 | TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS |
68590 | TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A... |
ExploitDB Exploits
id | Description |
---|---|
15856 | TYPO3 Unauthenticated Arbitrary File Retrieval |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-30 | Name : FreeBSD Ports: typo3 File : nvt/freebsd_typo34.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2445-1 (typo3-src) File : nvt/deb_2445_1.nasl |
2012-04-30 | Name : Debian Security Advisory DSA 2455-1 (typo3-src) File : nvt/deb_2455_1.nasl |
2010-11-17 | Name : Debian Security Advisory DSA 2121-1 (typo3-src) File : nvt/deb_2121_1.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Typo3 CMS index cross site scripting attempt RuleID : 36366 - Type : SERVER-WEBAPP - Revision : 3 |
2016-03-14 | Typo3 CMS show_rechis cross site scripting attempt RuleID : 36365 - Type : SERVER-WEBAPP - Revision : 3 |
2016-03-14 | Typo3 CMS index cross site scripting attempt RuleID : 36364 - Type : SERVER-WEBAPP - Revision : 2 |
2016-03-14 | Typo3 CMS show_rechis cross site scripting attempt RuleID : 36363 - Type : SERVER-WEBAPP - Revision : 2 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-08-30 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2016-1022.nasl - Type : ACT_GATHER_INFO |
2016-07-20 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3caf4e6c4cef11e6a15f00248c0c745d.nasl - Type : ACT_GATHER_INFO |
2015-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-3164.nasl - Type : ACT_GATHER_INFO |
2012-04-23 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2455.nasl - Type : ACT_GATHER_INFO |
2012-04-19 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_6751617788ec11e19a100023ae8e59f0.nasl - Type : ACT_GATHER_INFO |
2012-04-02 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2445.nasl - Type : ACT_GATHER_INFO |
2010-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2121.nasl - Type : ACT_GATHER_INFO |