CVE-2014-3944

2014-06-0314:55:11

CWE-287

mitre

web.nvd.nist.gov

typo3

authentication

cve-2014-3944

nvd

security vulnerability

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.003

Percentile

66.3%

JSON

The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.

Affected configurations

Nvd

Node

typo3typo3Match6.2

typo3typo3Match6.2.0beta1

typo3typo3Match6.2.0beta2

typo3typo3Match6.2.0beta3

typo3typo3Match6.2.1

typo3typo3Match6.2.2

VendorProductVersionCPE
typo3typo36.2cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*
typo3typo36.2.0cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*
typo3typo36.2.0cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*
typo3typo36.2.0cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*
typo3typo36.2.1cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*
typo3typo36.2.2cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typo3	typo3	6.2	cpe:2.3:a:typo3:typo3:6.2:::::::*
typo3	typo3	6.2.0	cpe:2.3:a:typo3:typo3:6.2.0:beta1::::::
typo3	typo3	6.2.0	cpe:2.3:a:typo3:typo3:6.2.0:beta2::::::
typo3	typo3	6.2.0	cpe:2.3:a:typo3:typo3:6.2.0:beta3::::::
typo3	typo3	6.2.1	cpe:2.3:a:typo3:typo3:6.2.1:::::::*
typo3	typo3	6.2.2	cpe:2.3:a:typo3:typo3:6.2.2:::::::*