CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	Vendor Advisory
http://www.securityfocus.com/bid/33376
http://secunia.com/advisories/33617	Vendor Advisory
http://secunia.com/advisories/33679	Vendor Advisory
http://www.debian.org/security/2009/dsa-1711
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:typo3:typo3:4.0.4:::::::*
	cpe:2.3:a:typo3:typo3:4.0.5:::::::*
	cpe:2.3:a:typo3:typo3:4.1.0:beta1::::::
	cpe:2.3:a:typo3:typo3:4.1.1:::::::*
	cpe:2.3:a:typo3:typo3:4.2.1:::::::*
	cpe:2.3:a:typo3:typo3:4.2.2:::::::*
	cpe:2.3:a:typo3:typo3:4.0.2:::::::*
	cpe:2.3:a:typo3:typo3:4.0.3:::::::*
	cpe:2.3:a:typo3:typo3:4.1.0:::::::*
	cpe:2.3:a:typo3:typo3:4.1.0:rc1::::::
	cpe:2.3:a:typo3:typo3:4.1.7:::::::*
	cpe:2.3:a:typo3:typo3:4.1.6:::::::*
	cpe:2.3:a:typo3:typo3:4.2.0:::::::*
	cpe:2.3:a:typo3:typo3:4.2.3:::::::*
	cpe:2.3:a:typo3:typo3:4.1.4:::::::*
	cpe:2.3:a:typo3:typo3:4.0.1:::::::*
	cpe:2.3:a:typo3:typo3:4.0.7:::::::*
	cpe:2.3:a:typo3:typo3:4.0:::::::*
	cpe:2.3:a:typo3:typo3:4.0.8:::::::*
	cpe:2.3:a:typo3:typo3:4.1.3:::::::*
	cpe:2.3:a:typo3:typo3:4.0.6:::::::*
	cpe:2.3:a:typo3:typo3:4.0.9:::::::*
	cpe:2.3:a:typo3:typo3:4.1.5:::::::*
	cpe:2.3:a:typo3:typo3:4.1.2:::::::*

Information

Published : 2009-01-22 15:30

Updated : 2017-08-07 18:33

NVD link : CVE-2009-0255

Mitre link : CVE-2009-0255

JSON object : View

CWE

CWE-310

Cryptographic Issues

Advertisement

Products Affected

typo3

typo3

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/", "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/33376", "name": "33376", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/33617", "name": "33617", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/33679", "name": "33679", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2009/dsa-1711", "name": "DSA-1711", "tags": [], "refsource": "DEBIAN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132", "name": "typo3-installtool-weak-security(48132)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0255", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-01-22T23:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-08T01:33Z"}