CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
76.5%
TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities.
CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values.
CVE-2013-1843 Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection.
Note: the fix will break already published links. Upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2646. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(65584);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2013-1842", "CVE-2013-1843");
script_bugtraq_id(58330);
script_xref(name:"DSA", value:"2646");
script_name(english:"Debian DSA-2646-1 : typo3-src - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"TYPO3, a PHP-based content management system, was found vulnerable to
several vulnerabilities.
- CVE-2013-1842
Helmut Hummel and Markus Opahle discovered that the
Extbase database layer was not correctly sanitizing user
input when using the Query object model. This can lead
to SQL injection by a malicious user inputing crafted
relation values.
- CVE-2013-1843
Missing user input validation in the access tracking
mechanism could lead to arbitrary URL redirection.
Note: the fix will break already published links. Upstream
advisory TYPO3-CORE-SA-2013-001 has more information on how to
mitigate that."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702574"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-1842"
);
script_set_attribute(
attribute:"see_also",
value:"https://security-tracker.debian.org/tracker/CVE-2013-1843"
);
# http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?6092781d"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/squeeze/typo3-src"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2013/dsa-2646"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the typo3-src packages.
For the stable distribution (squeeze), these problems have been fixed
in version 4.3.9+dfsg1-1+squeeze8."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:typo3-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
script_set_attribute(attribute:"patch_publication_date", value:"2013/03/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/17");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"6.0", prefix:"typo3", reference:"4.3.9+dfsg1-1+squeeze8")) flag++;
if (deb_check(release:"6.0", prefix:"typo3-database", reference:"4.3.9+dfsg1-1+squeeze8")) flag++;
if (deb_check(release:"6.0", prefix:"typo3-src-4.3", reference:"4.3.9+dfsg1-1+squeeze8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1842
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1843
www.nessus.org/u?6092781d
bugs.debian.org/cgi-bin/bugreport.cgi?bug=702574
packages.debian.org/source/squeeze/typo3-src
security-tracker.debian.org/tracker/CVE-2013-1842
security-tracker.debian.org/tracker/CVE-2013-1843
www.debian.org/security/2013/dsa-2646