Summary
This host is installed with TYPO3 and
is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
remote attackers to poison the cache and conduct spoofing attacks.
Impact Level: Application.
Solution
Upgrade to TYPO3 version 4.5.39 or 6.2.9
or 7.0.2 or later. For updates refer to http://typo3.org
Insight
Multiple flaws exists due to,
- Certain input passed to the homepage is not properly sanitised before being used to generate anchor links.
- An error related to the 'config.prefixLocalAnchors' configuration option.
Affected
TYPO3 versions 4.5.x before 4.5.39, 4.6.x
through 6.2.x before 6.2.9, and 7.x before 7.0.2
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-9508, CVE-2014-9509 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
- 'research_display.php' SQL Injection Vulnerability
- Atlassian JIRA FishEye and Crucible Plugins XML Parsing Unspecified Security Vulnerability
- Advantech Studio 'NTWebServer.exe' Directory Traversal Vulnerability
- Andy's PHP Knowledgebase 'step5.php' Remote PHP Code Execution Vulnerability