CVE-2010-4068

Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:N

Exploitability : 6.8 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/	Vendor Advisory
http://www.debian.org/security/2010/dsa-2121
http://www.securityfocus.com/bid/43786

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:typo3:typo3:4.2.0:::::::*
	cpe:2.3:a:typo3:typo3:4.2.1:::::::*
	cpe:2.3:a:typo3:typo3:4.2.2:::::::*
	cpe:2.3:a:typo3:typo3:4.2.3:::::::*
	cpe:2.3:a:typo3:typo3:4.2.4:::::::*
	cpe:2.3:a:typo3:typo3:4.2.5:::::::*
	cpe:2.3:a:typo3:typo3:4.2.6:::::::*
	cpe:2.3:a:typo3:typo3:4.2.7:::::::*
	cpe:2.3:a:typo3:typo3:4.2.8:::::::*
	cpe:2.3:a:typo3:typo3:4.2.9:::::::*
	cpe:2.3:a:typo3:typo3:4.2.10:::::::*
	cpe:2.3:a:typo3:typo3:4.2.11:::::::*
	cpe:2.3:a:typo3:typo3:4.2.12:::::::*
	cpe:2.3:a:typo3:typo3:4.2.13:::::::*
	cpe:2.3:a:typo3:typo3:4.2.14:::::::*
	cpe:2.3:a:typo3:typo3:4.3.0:::::::*
	cpe:2.3:a:typo3:typo3:4.3.1:::::::*
	cpe:2.3:a:typo3:typo3:4.3.2:::::::*
	cpe:2.3:a:typo3:typo3:4.3.3:::::::*
	cpe:2.3:a:typo3:typo3:4.3.4:::::::*
	cpe:2.3:a:typo3:typo3:4.3.5:::::::*
	cpe:2.3:a:typo3:typo3:4.3.6:::::::*
	cpe:2.3:a:typo3:typo3:4.4:::::::*
	cpe:2.3:a:typo3:typo3:4.4.1:::::::*
	cpe:2.3:a:typo3:typo3:4.4.2:::::::*
	cpe:2.3:a:typo3:typo3:4.4.3:::::::*

History

No history.

Information

Published : 2010-10-25 20:01

Updated : 2024-02-04 17:54

NVD link : CVE-2010-4068

Mitre link : CVE-2010-4068

CVE.ORG link : CVE-2010-4068

JSON object : View

Products Affected

typo3

typo3

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2010-4068", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-10-25T20:01:04.800", "references": [{"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2010/dsa-2121", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/43786", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allows remote authenticated administrators to read and possibly modify arbitrary files via a crafted parameter, a different vulnerability than CVE-2010-3714."}, {"lang": "es", "value": "Vulnerabilidad no especificada en Extension Manager en TYPO3 v4.2.x anteriores a v4.2.15, v4.3.x anteriores a v4.3.7, y v4.4.x anteriores a v4.4.4 permite a administradores remotos autenticados leer y posiblemente modificar ficheros de su elecci\u00f3n a trav\u00e9s de par\u00e1metros manipulados, es una vulnerabilidad distinta a CVE-2010-3714."}], "lastModified": "2010-10-27T04:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85F02502-5C03-4751-BC83-59F894400E7E"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882"}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}