CVE-2009-1264

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/34374	Patch
http://secunia.com/advisories/34586	Vendor Advisory
http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/	Patch Vendor Advisory
http://osvdb.org/53278
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2009/0938	Patch Vendor Advisory

Advertisement

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:stanislas_rolland:sr_feuser_register::::::::
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.10:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:::::::*

Information

Published : 2009-04-07 16:30

Updated : 2009-04-07 21:00

NVD link : CVE-2009-1264

Mitre link : CVE-2009-1264

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

stanislas_rolland

sr_feuser_register

typo3

typo3

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/34374", "name": "34374", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/34586", "name": "34586", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/", "name": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://osvdb.org/53278", "name": "53278", "tags": [], "refsource": "OSVDB"}, {"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/", "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.vupen.com/english/advisories/2009/0938", "name": "ADV-2009-0938", "tags": ["Patch", "Vendor Advisory"], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1264", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": true, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-04-07T23:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.5.20"}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-04-08T04:00Z"}