Detections
Analytics
Debian DSA-2537-1 : typo3-src - several vulnerabilities
medium Nessus Plugin ID 61735
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities were discovered in TYPO3, a content management system.- CVE-2012-3527 An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users.
- CVE-2012-3528 The TYPO3 backend contains several cross-site scripting vulnerabilities.
- CVE-2012-3529 Authenticated users who can access the configuration module can obtain the encryption key, allowing them to escalate their privileges.
- CVE-2012-3530 The RemoveXSS HTML sanitizer did not remove several HTML5 JavaScript, thus failing to mitigate the impact of cross-site scripting vulnerabilities.
Solution
Upgrade the typo3-src packages.For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze5.
See Also
https://security-tracker.debian.org/tracker/CVE-2012-3527
https://security-tracker.debian.org/tracker/CVE-2012-3528
https://security-tracker.debian.org/tracker/CVE-2012-3529
https://security-tracker.debian.org/tracker/CVE-2012-3530
Plugin Details
Severity: Medium
ID: 61735
File Name: debian_DSA-2537.nasl
Version: 1.10
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 8/31/2012
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:typo3-src, cpe:/o:debian:debian_linux:6.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 8/30/2012
Reference Information
CVE: CVE-2012-3527, CVE-2012-3528, CVE-2012-3529, CVE-2012-3530, CVE-2012-3531
BID: 55052
DSA: 2537