CVE-2012-1605

Sažetak

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

Reference

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
http://www.openwall.com/lists/oss-security/2012/03/30/4
http://www.osvdb.org/80759
http://www.securityfocus.com/bid/52771

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

05-09-2012 - 13:46

Objavljeno

04-09-2012 - 20:55