Lucene search

[email protected]NVD:CVE-2013-7081

HistoryDec 23, 2013 - 11:55 p.m.

CVE-2013-7081

2013-12-2323:55:04

CWE-264

[email protected]

web.nvd.nist.gov

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.1%

JSON

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

Affected configurations

NVD

Node

typo3typo3Match6.0

typo3typo3Match6.0.1

typo3typo3Match6.0.2

typo3typo3Match6.0.3

typo3typo3Match6.0.4

typo3typo3Match6.0.5

typo3typo3Match6.0.6

typo3typo3Match6.0.7

typo3typo3Match6.0.8

typo3typo3Match6.0.9

typo3typo3Match6.0.10

typo3typo3Match6.0.11

Node

typo3typo3Match6.1

typo3typo3Match6.1.1

typo3typo3Match6.1.2

typo3typo3Match6.1.3

typo3typo3Match6.1.4

typo3typo3Match6.1.5

typo3typo3Match6.1.6

Node

typo3typo3Match4.7.0

typo3typo3Match4.7.1

typo3typo3Match4.7.2

typo3typo3Match4.7.3

typo3typo3Match4.7.4

typo3typo3Match4.7.5

typo3typo3Match4.7.6

typo3typo3Match4.7.7

typo3typo3Match4.7.8

typo3typo3Match4.7.9

typo3typo3Match4.7.10

typo3typo3Match4.7.11

typo3typo3Match4.7.12

typo3typo3Match4.7.13

typo3typo3Match4.7.14

typo3typo3Match4.7.15

typo3typo3Match4.7.16

Node

typo3typo3Match4.5.0

typo3typo3Match4.5.1

typo3typo3Match4.5.2

typo3typo3Match4.5.3

typo3typo3Match4.5.4

typo3typo3Match4.5.5

typo3typo3Match4.5.6

typo3typo3Match4.5.7

typo3typo3Match4.5.8

typo3typo3Match4.5.9

typo3typo3Match4.5.10

typo3typo3Match4.5.11

typo3typo3Match4.5.12

typo3typo3Match4.5.13

typo3typo3Match4.5.14

typo3typo3Match4.5.15

typo3typo3Match4.5.16

typo3typo3Match4.5.17

typo3typo3Match4.5.18

typo3typo3Match4.5.19

typo3typo3Match4.5.20

typo3typo3Match4.5.21

typo3typo3Match4.5.22

typo3typo3Match4.5.23

typo3typo3Match4.5.24

typo3typo3Match4.5.25

typo3typo3Match4.5.26

typo3typo3Match4.5.27

typo3typo3Match4.5.28

typo3typo3Match4.5.29

typo3typo3Match4.5.30

typo3typo3Match4.5.31

References

seclists.org/oss-sec/2013/q4/473

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/

www.debian.org/security/2014/dsa-2834

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

6.2 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.1%

JSON

Related for NVD:CVE-2013-7081

prion1 cvelist1 osv1 github1 ubuntucve1 cve1 openvas3 securityvulns2 debian2 nessus1 typo31