CVE-2009-1264

Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://osvdb.org/53278
http://secunia.com/advisories/34586	Vendor Advisory
http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/	Patch Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/	Patch Vendor Advisory
http://www.securityfocus.com/bid/34374	Patch
http://www.vupen.com/english/advisories/2009/0938	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:stanislas_rolland:sr_feuser_register::::::::
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:::::::*
	cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.10:::::::*

History

No history.

Information

Published : 2009-04-07 23:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-1264

Mitre link : CVE-2009-1264

CVE.ORG link : CVE-2009-1264

JSON object : View

Products Affected

stanislas_rolland

sr_feuser_register

typo3

typo3

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2009-1264", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-07T23:30:00.420", "references": [{"url": "http://osvdb.org/53278", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34586", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.21/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-004/", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/34374", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/0938", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "Frontend User Registration (sr_feuser_register) extension 2.5.20 and earlier for TYPO3 does not properly verify access rights, which allows remote authenticated users to obtain sensitive information such as passwords via unknown attack vectors."}, {"lang": "es", "value": "La extensi\u00f3n Frontend User Registration (sr_feuser_register) v.2.5.20 y anteriores para TYPO3, no comprueba adecuadamente los permisos de acceso, esto permite a usuarios autenticados en remoto obtener informaci\u00f3n sensible como contrase\u00f1as a trav\u00e9s de vectores de ataque desconocidos."}], "lastModified": "2009-04-08T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3355511-4472-4D36-B160-45A1F818DCFB", "versionEndIncluding": "2.5.20"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "053EF31D-FE26-4CF3-BE33-EB0F1036718F"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3E20C0A-8B89-4C95-8B24-A2A3CBFA0127"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "476D5133-8BCB-44BF-B61F-6699D7B8F9A0"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9C84689-C9B1-480A-A3BF-00EF5316F03F"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B00C7C5-54A6-485D-AAF7-61F12E0D7B60"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D815939A-4446-4CC8-86EE-58903DEC9CD1"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B238304F-2FEB-497C-B74D-4BED29879040"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABDA6FBA-9A42-4524-AA65-2A15A5B2E2A3"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F51DBFDB-9D5B-46D2-8EBC-A298E8DBBF88"}, {"criteria": "cpe:2.3:a:stanislas_rolland:sr_feuser_register:2.5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F44CBF4-5A38-41C8-A7C5-CA1D6A61BEE4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}