Executive Summary

Informations
NameCVE-2009-0258First vendor Publication2009-01-22
VendorCveLast vendor Modification2009-02-05

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score10Attack RangeNetwork
Cvss Impact Score10Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0258

CWE : Common Weakness Enumeration

idName
CWE-20Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Application24

OpenVAS Exploits

DateDescription
2009-02-13Name : FreeBSD Ports: typo3
File : nvt/freebsd_typo31.nasl
2009-02-02Name : Debian Security Advisory DSA 1711-1 (typo3-src)
File : nvt/deb_1711_1.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
51535Indexed Search Engine System Extension for TYPO3 Unspecified Arbitrary Comman...

Nessus® Vulnerability Scanner

DateDescription
2009-02-09Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl - Type : ACT_GATHER_INFO
2009-01-27Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1711.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/33376
CONFIRMhttp://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
DEBIANhttp://www.debian.org/security/2009/dsa-1711
MLISThttp://www.openwall.com/lists/oss-security/2009/01/23/4
SECUNIAhttp://secunia.com/advisories/33617
http://secunia.com/advisories/33679
XFhttp://xforce.iss.net/xforce/xfdb/48138

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 10:48:32
  • Multiple Updates
2013-05-10 23:42:59
  • Multiple Updates