Typo3.Jumpurl.File.Disclosure

Release Date

Apr 07, 2009

Severity

medium

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Description

This indicates a potential file-disclosure vulnerability in TYPO3.

The vulnerability lies in TYPO3's jumpUrl mechanism. Remote attackers may exploit it to read arbitrary files.

Affected Products

TYPO3 versions 3.3.x, 3.5.x, 3.6.x, 3.7.x, 3.8.x, 4.0 to 4.0.11, 4.1.0 to 4.1.9, 4.2.0 to 4.2.5, 4.3alpha1

Recommended Actions

Upgrade to the latest TYPO3 version.
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-0815

Reference/s

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
http://www.milw0rm.com/exploits/8038
http://secunia.com/advisories/33829/

Reference: VID-17327