Vulnerability CVE-2012-1083

Vulnerability Name:

CVE-2012-1083 (CCN-72972)

Assigned:

2012-02-02

Published:

2012-02-02

Updated:

2012-02-29

Summary:

Cross-site request forgery (CSRF) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-352

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2012-1083

Source: OSVDB
Type: UNKNOWN
78797

Source: CCN
Type: TYPO3 Web Site
TYPO3 - the Enterprise Open Source CMS: Home

Source: CCN
Type: TYPO3-EXT-SA-2012-001
Several vulnerabilities in third party extensions

Source: MISC
Type: Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-001/

Source: CCN
Type: OSVDB ID: 78797
Terminal PHP Shell Extension for TYPO3 Unspecified CSRF

Source: BID
Type: UNKNOWN
51849

Source: CCN
Type: BID-51849
TYPO3 Terminal PHP Shell Cross Site Request Forgery and Cross Site Scripting Vulnerabilities

Source: XF
Type: UNKNOWN
typo3-terminalphpshell-unspecified-csrf(72972)

Vulnerable Configuration:

Configuration 1:

cpe:/a:typo3:terminal:*:*:*:*:*:*:*:* (Version <= 0.3.2)

AND

cpe:/a:typo3:typo3:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK