oval:org.mitre.oval:def:13135
Definition Id: oval:org.mitre.oval:def:13135 | |||
Oval ID: | oval:org.mitre.oval:def:13135 | ||
Title: | DSA-1711-1 typo3-src -- several | ||
Description: | Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0255 Chris John Riley discovered that the TYPO3-wide used encryption key is generated with an insufficiently random seed resulting in low entropy which makes it easier for attackers to crack this key. CVE-2009-0256 Marcus Krause discovered that TYPO3 is not invalidating a supplied session on authentication which allows an attacker to take over a victims session via a session fixation attack. CVE-2009-0257 Multiple cross-site scripting vulnerabilities allow remote attackers to inject arbitrary web script or HTML via various arguments and user- supplied strings used in the indexed search system extension, adodb extension test scripts or the workspace module. CVE-2009-0258 Mads Olesen discovered a remote command injection vulnerability in the indexed search system extension which allows attackers to execute arbitrary code via a crafted file name which is passed unescaped to various system tools that extract file content for the indexing. Because of CVE-2009-0255, please make sure that besides installing this update, you also create a new encryption key after the installation. For the stable distribution these problems have been fixed in version 4.0.2+debian-7. For the unstable distribution these problems have been fixed in version 4.2.5-1. We recommend that you upgrade your TYPO3 packages. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1711-1 CVE-2009-0255 CVE-2009-0256 CVE-2009-0257 CVE-2009-0258 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | typo3-src |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6461 | |||
Oval ID: | oval:org.mitre.oval:def:6461 | ||
Title: | Debian GNU/Linux 4.0 is installed. | ||
Description: | Debian GNU/Linux 4.0 (etch) is installed | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:debian:debian_gnu/linux:4.0 | Version: | 9 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:13135 |