SNS Vulnerability

TYPO3 Remote File Disclosure and Cross Site Scripting Vulnerabilities

Description

Multiple vulnerabilities have been identified in TYPO3, which could allow attackers to cause a denial of service or gain knowledge of certain information, or by malicious users to gain elevated privileges. These issues are caused by input and access validation errors within the jumpUrl mechanism, backend, Extension Manager, sys_action task "be_user_creation", API function "t3lib_div::validEmail()", and the normalisation feature of the RemoveXSS function, which could allow remote file disclosure, cross site scripting, denial of service and privilege elevation attacks.

Vulnerable Products

Vulnerable Software:
TYPO3 version 4.2.14 and priorTYPO3 version 4.3.6 and priorTYPO3 version 4.4.3 and prior

Solution

Upgrade to TYPO3 version 4.2.15, 4.3.7 or 4.4.4 : http://www.typo3.org/download/

CVE

CVE-2010-4068
CVE-2010-3717
CVE-2010-3716
CVE-2010-3715
CVE-2010-3714

References

http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2010-10-06

Target Type

Client

Possible exploit

Local & Remote