Multiple vulnerabilities in TYPO3
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2016-5385 |
| CWE-ID | CWE-79 CWE-200 CWE-89 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
TYPO3 Web applications / CMS Oracle Linux Operating systems & Components / Operating system |
| Vendor |
TYPO3 Oracle |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Cross-site scripting in third party library mso/idna-convert
EUVDB-ID: #VU195
Risk: High
CVSSv4.0: 5.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:A/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in TYPO3 CMS. TYPO3 ships example code from mso/idna-convert library in the vendor folder, which is vulnerable to Cross-Site Scripting.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Install the latest versions (7.6.10, 8.2.1).
Vulnerable software versionsTYPO3: 7.6-snapshot-20160223 - 8.2.0
CPE2.3 External linkshttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-020/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Environment variable injection in TYPO3
EUVDB-ID: #VU194
Risk: High
CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Amber]
CVE-ID: CVE-2016-5385
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect an application's outbound HTTP traffic.
The vulnerability exists in TYPO3 CMS. A remote attacker can redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request.
Successful exploitation of this vulnerability may result in XSS attack and data injection.
Install the latest version 8.2.1.
Vulnerable software versionsTYPO3: 8.0.0 - 8.2.0
Oracle Linux: 7
CPE2.3 External linkshttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Cross-site scripting vulnerability in typolinks
EUVDB-ID: #VU184
Risk: High
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in all link fields within the TYPO3 installation. A remote attacker can insert data commands by using the url scheme "data:" and conduct cross-site scripting attacks.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Install the latest versions (6.2.26, 7.6.10, 8.2.1).
Vulnerable software versionsTYPO3: 6.2.0 beta1 - 8.2.0
CPE2.3 External linkshttps://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-018/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Insecure unserialize in TYPO3 Import/Export
EUVDB-ID: #VU182
Risk: High
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to modify data on the target system.
The vulnerability exists in TYPO3. A remote authenticated user with a valid backend account can modify data on the target system by exploiting a deserialization flaw in the Import/Export component.
Successful exploitation of this vulnerability may result in modification of system information.
Install the latest versions (6.2.26, 7.6.10, 8.2.1).
Vulnerable software versionsTYPO3: 6.2.0 rc1 - 8.2.0
CPE2.3https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-015/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure in TYPO3 backend
EUVDB-ID: #VU181
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: N/A
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to receive valid backend usernames.
The vulnerability exists in the TYPO3 backend module. A remote user can receive valid backend usernames by guessing the file path to the cache files.
Successful exploitation of this vulnerability may result in disclosure of system information.
Install the latest versions (6.2.26, 7.6.10, 8.2.1).
Vulnerable software versionsTYPO3: 6.2.0 rc1 - 8.2.0
CPE2.3https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-017/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) SQL injection in TYPO3 frontend login
EUVDB-ID: #VU180
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: N/A
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to inject SQL commands.
The vulnerability exists due to improper validation of user-supplied input. A remote authenticated user can execute SQL commands on the underlying database by supplying a specially crafted parameter value.
Successful exploitation of this vulnerability may result in SQL commands execution.
Install the latest versions (6.2.26, 7.6.10, 8.2.1).
Vulnerable software versionsTYPO3: 6.2.0 beta1 - 7.6.9
CPE2.3https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-016/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting in TYPO3 backend
EUVDB-ID: #VU179
Risk: High
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Amber]
CVE-ID: N/A
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to improper filtering HTML code from user-supplied input before displaying the input. A remote user can cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the TYPO3 software. As a result, the code will be able to access the target user's cookies, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
Install the latest versions (6.2.26, 7.6.10, 8.2.1).
Vulnerable software versionsTYPO3: 6.2.0 rc1 - 8.2.0
CPE2.3https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-014/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
