Executive Summary

Informations
NameCVE-2009-0258First vendor Publication2009-01-22
VendorCveLast vendor Modification2009-02-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthentificationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0258

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application24

Open Source Vulnerability Database (OSVDB)

idDescription
51535Indexed Search Engine System Extension for TYPO3 Unspecified Arbitrary Comman...

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/33376
CONFIRMhttp://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
DEBIANhttp://www.debian.org/security/2009/dsa-1711
MLISThttp://www.openwall.com/lists/oss-security/2009/01/23/4
SECUNIAhttp://secunia.com/advisories/33617
http://secunia.com/advisories/33679
XFhttp://xforce.iss.net/xforce/xfdb/48138

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2013-05-10 23:42:59
  • Multiple Updates