Vulnerability Name: | CVE-2012-1605 (CCN-74527)
Assigned: | 2012-03-28
Published: | 2012-03-28
Updated: | 2012-09-05
Summary: | The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: | CWE-Other
Vulnerability Consequences: | Gain Access
References: |
Source: MITRE Type: CNA CVE-2012-1605
Source: CCN Type: TYPO3 Web Site TYPO3
Source: CCN Type: TYPO3-CORE-SA-2012-001 Several Vulnerabilities in TYPO3 Core
Source: CONFIRM Type: Vendor Advisory http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Source: MLIST Type: UNKNOWN [oss-security] 20120329 Re: CVE request: TYPO3-CORE-SA-2012-001
Source: OSVDB Type: UNKNOWN 80759
Source: CCN Type: OSVDB ID: 80759 TYPO3 Extbase Framework Missing HMAC Arbitrary Object Unserialization Weakness
Source: BID Type: UNKNOWN 52771
Source: CCN Type: BID-52771 TYPO3 Core TYPO3-CORE-SA-2012-001 Multiple Remote Security Vulnerabilities
Source: XF Type: UNKNOWN typo3-extbase-unserialize-code-execution(74527)