CVE-2009-0255

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-0255
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/33617 Broken Link Vendor Advisory
http://secunia.com/advisories/33679 Broken Link Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ Vendor Advisory
http://www.debian.org/security/2009/dsa-1711 Mailing List
http://www.securityfocus.com/bid/33376 Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
History

14 Feb 2024, 16:10

Type Values Removed Values Added
References () http://secunia.com/advisories/33617 - Vendor Advisory () http://secunia.com/advisories/33617 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/33679 - Vendor Advisory () http://secunia.com/advisories/33679 - Broken Link, Vendor Advisory
References () http://www.debian.org/security/2009/dsa-1711 - () http://www.debian.org/security/2009/dsa-1711 - Mailing List
References () http://www.securityfocus.com/bid/33376 - () http://www.securityfocus.com/bid/33376 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 - Third Party Advisory, VDB Entry
First Time Debian
Debian debian Linux
CVSS v2 : 5.0
v3 : unknown 		v2 : 5.0
v3 : 7.5
CWE CWE-310 CWE-330
CPE cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*		 cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
Information

Published : 2009-01-22 23:30

Updated : 2024-02-14 16:10

NVD link : CVE-2009-0255

Mitre link : CVE-2009-0255

CVE.ORG link : CVE-2009-0255

JSON object : View

Products Affected

typo3

  • typo3

debian

  • debian_linux
CWE
CWE-330

Use of Insufficiently Random Values