Lucene search

Ubuntu.comUB:CVE-2013-7075

HistoryDec 23, 2013 - 12:00 a.m.

CVE-2013-7075

2013-12-2300:00:00

ubuntu.com

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.6%

JSON

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0
through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote
authenticated backend users to unserialize arbitrary PHP objects, delete
arbitrary files, and possibly have other unspecified impacts via an
unspecified parameter, related to a “missing signature.”

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731999>

OSVersionArchitecturePackageVersionFilename
ubuntu13.04noarchtypo3-src< 4.5.19+dfsg1-5+wheezy2build0.13.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	13.04	noarch	typo3-src	< 4.5.19+dfsg1-5+wheezy2build0.13.04.1	UNKNOWN

References

www.openwall.com/lists/oss-security/2013/12/12

launchpad.net/bugs/cve/CVE-2013-7075

nvd.nist.gov/vuln/detail/CVE-2013-7075

security-tracker.debian.org/tracker/CVE-2013-7075

www.cve.org/CVERecord?id=CVE-2013-7075

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

53.6%

JSON

Related for UB:CVE-2013-7075