cvelistv5 - cve-2009-0255

CVE-2009-0255 (GCVE-0-2009-0255)

Vulnerability from cvelistv5 – Published: 2009-01-22 23:00 – Updated: 2024-08-07 04:24

Summary

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://typo3.org/teams/security/security-bulletin…	x_refsource_CONFIRM
	http://secunia.com/advisories/33617	third-party-advisoryx_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1711	vendor-advisoryx_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/33376	vdb-entryx_refsource_BID
	http://secunia.com/advisories/33679	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.421Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
          },
          {
            "name": "33617",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33617"
          },
          {
            "name": "DSA-1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1711"
          },
          {
            "name": "typo3-installtool-weak-security(48132)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
          },
          {
            "name": "33376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33376"
          },
          {
            "name": "33679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33679"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
        },
        {
          "name": "33617",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33617"
        },
        {
          "name": "DSA-1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1711"
        },
        {
          "name": "typo3-installtool-weak-security(48132)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
        },
        {
          "name": "33376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33376"
        },
        {
          "name": "33679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33679"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0255",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
              "refsource": "CONFIRM",
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
            },
            {
              "name": "33617",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33617"
            },
            {
              "name": "DSA-1711",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1711"
            },
            {
              "name": "typo3-installtool-weak-security(48132)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
            },
            {
              "name": "33376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33376"
            },
            {
              "name": "33679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33679"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0255",
    "datePublished": "2009-01-22T23:00:00",
    "dateReserved": "2009-01-22T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.421Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.10\", \"matchCriteriaId\": \"FCD45EC2-1866-4CFC-B841-8B0B879B5565\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.1.0\", \"versionEndExcluding\": \"4.1.8\", \"matchCriteriaId\": \"EB66C8C2-1FAE-4C54-9284-A940CBEDBC00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2.0\", \"versionEndExcluding\": \"4.2.4\", \"matchCriteriaId\": \"BBFEC718-5811-4B4D-96CF-A37488974D4A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.\"}, {\"lang\": \"es\", \"value\": \"La herramienta de instalaci\\u00f3n de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptaci\\u00f3n con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes.\"}]",
      "id": "CVE-2009-0255",
      "lastModified": "2024-11-21T00:59:27.403",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2009-01-22T23:30:00.203",
      "references": "[{\"url\": \"http://secunia.com/advisories/33617\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33679\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2009/dsa-1711\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.securityfocus.com/bid/33376\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48132\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secunia.com/advisories/33617\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2009/dsa-1711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\"]}, {\"url\": \"http://www.securityfocus.com/bid/33376\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48132\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-330\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0255\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-01-22T23:30:00.203\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.\"},{\"lang\":\"es\",\"value\":\"La herramienta de instalaci\u00f3n de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptaci\u00f3n con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.10\",\"matchCriteriaId\":\"FCD45EC2-1866-4CFC-B841-8B0B879B5565\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.1.0\",\"versionEndExcluding\":\"4.1.8\",\"matchCriteriaId\":\"EB66C8C2-1FAE-4C54-9284-A940CBEDBC00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2.0\",\"versionEndExcluding\":\"4.2.4\",\"matchCriteriaId\":\"BBFEC718-5811-4B4D-96CF-A37488974D4A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/33617\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33679\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1711\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/33376\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48132\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secunia.com/advisories/33617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/33376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48132\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

GSD-2009-0255

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0255

Aliases

CVE-2009-0255

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0255",
    "description": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.",
    "id": "GSD-2009-0255",
    "references": [
      "https://www.debian.org/security/2009/dsa-1711"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0255"
      ],
      "details": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.",
      "id": "GSD-2009-0255",
      "modified": "2023-12-13T01:19:43.916183Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0255",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
            "refsource": "CONFIRM",
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
          },
          {
            "name": "33617",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33617"
          },
          {
            "name": "DSA-1711",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1711"
          },
          {
            "name": "typo3-installtool-weak-security(48132)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
          },
          {
            "name": "33376",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33376"
          },
          {
            "name": "33679",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33679"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FCD45EC2-1866-4CFC-B841-8B0B879B5565",
                    "versionEndExcluding": "4.0.10",
                    "versionStartIncluding": "4.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EB66C8C2-1FAE-4C54-9284-A940CBEDBC00",
                    "versionEndExcluding": "4.1.8",
                    "versionStartIncluding": "4.1.0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "BBFEC718-5811-4B4D-96CF-A37488974D4A",
                    "versionEndExcluding": "4.2.4",
                    "versionStartIncluding": "4.2.0",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          },
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
          },
          {
            "lang": "es",
            "value": "La herramienta de instalaci\u00f3n de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptaci\u00f3n con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes."
          }
        ],
        "id": "CVE-2009-0255",
        "lastModified": "2024-02-14T16:10:04.203",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "NONE",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 2.9,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2009-01-22T23:30:00.203",
        "references": [
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/33617"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Vendor Advisory"
            ],
            "url": "http://secunia.com/advisories/33679"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Mailing List"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1711"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Broken Link",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://www.securityfocus.com/bid/33376"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-330"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

CERTA-2009-AVI-024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans TYPO3 permettent une exécution de commandes arbitraires à distance, diverses injections de code indirectes ou un contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans TYPO3 :

la clé de chiffrement utilisée par TYPO3 a une faible entropie ;
les jetons de session ne sont pas correctement invalidés et peuvent être rejoués ;
le moteur de recherche indexée ne filtre pas correctement les paramètres, ce qui permet une exécution de commandes arbitraires à distance. Par ailleurs, le nom et le contenu des fichiers à indexer ne sont pas non plus correctement filtrés, ce qui permet de réaliser des attaques de type cross-site scripting ;
des attaques de type cross-site scripting sont possibles via les composants ADOdb et Workspace.

Solution

Mettre à jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L'application des mises à jour ne suffit pas à corriger toutes les vulnérabilités, il est également nécessaire de créer une nouvelle clé de chiffrement. Cette procédure est décrite dans le bulletin de sécurité de l'éditeur (voir section Documentation).

None

Impacted products

Vendor	Product	Description
Typo3	Typo3	TYPO3 versions 4.2.0 à 4.2.3.
Typo3	Typo3	TYPO3 versions 4.0.0 à 4.0.9 ;
Typo3	Typo3	TYPO3 versions 4.1.0 à 4.1.7 ;

References

Title

Publication Time

Tags

Bulletin de sécurité TYPO3-SA-2009-001	None	vendor-advisory
Référence CVE CVE-2009-0258 :	-	other
Référence CVE CVE-2009-0257 :	-	other
Référence CVE CVE-2009-0255 :	-	other
Référence CVE CVE-2009-0256 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.0 \u00e0 4.0.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.0 \u00e0 4.1.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la cl\u00e9 de chiffrement utilis\u00e9e par TYPO3 a une faible entropie ;\n-   les jetons de session ne sont pas correctement invalid\u00e9s et peuvent\n    \u00eatre rejou\u00e9s ;\n-   le moteur de recherche index\u00e9e ne filtre pas correctement les\n    param\u00e8tres, ce qui permet une ex\u00e9cution de commandes arbitraires \u00e0\n    distance. Par ailleurs, le nom et le contenu des fichiers \u00e0 indexer\n    ne sont pas non plus correctement filtr\u00e9s, ce qui permet de r\u00e9aliser\n    des attaques de type cross-site scripting ;\n-   des attaques de type cross-site scripting sont possibles via les\n    composants ADOdb et Workspace.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L\u0027application des\nmises \u00e0 jour ne suffit pas \u00e0 corriger toutes les vuln\u00e9rabilit\u00e9s, il est\n\u00e9galement n\u00e9cessaire de cr\u00e9er une nouvelle cl\u00e9 de chiffrement. Cette\nproc\u00e9dure est d\u00e9crite dans le bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0257"
    },
    {
      "name": "CVE-2009-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0255"
    },
    {
      "name": "CVE-2009-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0256"
    },
    {
      "name": "CVE-2009-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0258"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0258 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-258"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0257 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-257"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0255 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-255"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0256 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-256"
    }
  ],
  "reference": "CERTA-2009-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent une ex\u00e9cution de commandes arbitraires \u00e0 distance, diverses\ninjections de code indirectes ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-001",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    }
  ]
}

CERTA-2009-AVI-024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans TYPO3 permettent une exécution de commandes arbitraires à distance, diverses injections de code indirectes ou un contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans TYPO3 :

la clé de chiffrement utilisée par TYPO3 a une faible entropie ;
les jetons de session ne sont pas correctement invalidés et peuvent être rejoués ;
le moteur de recherche indexée ne filtre pas correctement les paramètres, ce qui permet une exécution de commandes arbitraires à distance. Par ailleurs, le nom et le contenu des fichiers à indexer ne sont pas non plus correctement filtrés, ce qui permet de réaliser des attaques de type cross-site scripting ;
des attaques de type cross-site scripting sont possibles via les composants ADOdb et Workspace.

Solution

None

Impacted products

Vendor	Product	Description
Typo3	Typo3	TYPO3 versions 4.2.0 à 4.2.3.
Typo3	Typo3	TYPO3 versions 4.0.0 à 4.0.9 ;
Typo3	Typo3	TYPO3 versions 4.1.0 à 4.1.7 ;

References

Title

Publication Time

Tags

Bulletin de sécurité TYPO3-SA-2009-001	None	vendor-advisory
Référence CVE CVE-2009-0258 :	-	other
Référence CVE CVE-2009-0257 :	-	other
Référence CVE CVE-2009-0255 :	-	other
Référence CVE CVE-2009-0256 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.0 \u00e0 4.0.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.0 \u00e0 4.1.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la cl\u00e9 de chiffrement utilis\u00e9e par TYPO3 a une faible entropie ;\n-   les jetons de session ne sont pas correctement invalid\u00e9s et peuvent\n    \u00eatre rejou\u00e9s ;\n-   le moteur de recherche index\u00e9e ne filtre pas correctement les\n    param\u00e8tres, ce qui permet une ex\u00e9cution de commandes arbitraires \u00e0\n    distance. Par ailleurs, le nom et le contenu des fichiers \u00e0 indexer\n    ne sont pas non plus correctement filtr\u00e9s, ce qui permet de r\u00e9aliser\n    des attaques de type cross-site scripting ;\n-   des attaques de type cross-site scripting sont possibles via les\n    composants ADOdb et Workspace.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L\u0027application des\nmises \u00e0 jour ne suffit pas \u00e0 corriger toutes les vuln\u00e9rabilit\u00e9s, il est\n\u00e9galement n\u00e9cessaire de cr\u00e9er une nouvelle cl\u00e9 de chiffrement. Cette\nproc\u00e9dure est d\u00e9crite dans le bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0257"
    },
    {
      "name": "CVE-2009-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0255"
    },
    {
      "name": "CVE-2009-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0256"
    },
    {
      "name": "CVE-2009-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0258"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0258 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-258"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0257 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-257"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0255 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-255"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0256 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-256"
    }
  ],
  "reference": "CERTA-2009-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent une ex\u00e9cution de commandes arbitraires \u00e0 distance, diverses\ninjections de code indirectes ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-001",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    }
  ]
}

FKIE_CVE-2009-0255

Vulnerability from fkie_nvd - Published: 2009-01-22 23:30 - Updated: 2025-04-09 00:30

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/33617	Broken Link, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33679	Broken Link, Vendor Advisory
cve@mitre.org	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2009/dsa-1711	Mailing List
cve@mitre.org	http://www.securityfocus.com/bid/33376	Broken Link, Third Party Advisory, VDB Entry
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48132	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33617	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33679	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1711	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33376	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48132	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
typo3	typo3	*
typo3	typo3	*
typo3	typo3	*
debian	debian_linux	4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD45EC2-1866-4CFC-B841-8B0B879B5565",
              "versionEndExcluding": "4.0.10",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB66C8C2-1FAE-4C54-9284-A940CBEDBC00",
              "versionEndExcluding": "4.1.8",
              "versionStartIncluding": "4.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBFEC718-5811-4B4D-96CF-A37488974D4A",
              "versionEndExcluding": "4.2.4",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."
    },
    {
      "lang": "es",
      "value": "La herramienta de instalaci\u00f3n de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptaci\u00f3n con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes."
    }
  ],
  "id": "CVE-2009-0255",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2009-01-22T23:30:00.203",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33617"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33679"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1711"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33376"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.debian.org/security/2009/dsa-1711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/33376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-330"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7X3Q-VM79-8FCC

Vulnerability from github – Published: 2022-05-02 03:13 – Updated: 2024-02-14 18:30

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0255"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-330"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-22T23:30:00Z",
    "severity": "MODERATE"
  },
  "details": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.",
  "id": "GHSA-7x3q-vm79-8fcc",
  "modified": "2024-02-14T18:30:24Z",
  "published": "2022-05-02T03:13:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0255"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33617"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33679"
    },
    {
      "type": "WEB",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1711"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33376"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0255 (GCVE-0-2009-0255)

GSD-2009-0255

CERTA-2009-AVI-024

Description

Solution

CERTA-2009-AVI-024

Description

Solution

FKIE_CVE-2009-0255

GHSA-7X3Q-VM79-8FCC

Tags

Sightings

Nomenclature