Vulnerabilities > CVE-2013-1843 - Resource Management Errors vulnerability in Typo3
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2646.NASL description TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities. - CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values. - CVE-2013-1843 Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection. Note: the fix will break already published links. Upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that. last seen 2020-03-17 modified 2013-03-17 plugin id 65584 published 2013-03-17 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65584 title Debian DSA-2646-1 : typo3-src - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2646. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(65584); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1842", "CVE-2013-1843"); script_bugtraq_id(58330); script_xref(name:"DSA", value:"2646"); script_name(english:"Debian DSA-2646-1 : typo3-src - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities. - CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values. - CVE-2013-1843 Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection. Note: the fix will break already published links. Upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702574" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1842" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-1843" ); # http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?6092781d" ); script_set_attribute( attribute:"see_also", value:"https://packages.debian.org/source/squeeze/typo3-src" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2013/dsa-2646" ); script_set_attribute( attribute:"solution", value: "Upgrade the typo3-src packages. For the stable distribution (squeeze), these problems have been fixed in version 4.3.9+dfsg1-1+squeeze8." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:typo3-src"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"6.0", prefix:"typo3", reference:"4.3.9+dfsg1-1+squeeze8")) flag++; if (deb_check(release:"6.0", prefix:"typo3-database", reference:"4.3.9+dfsg1-1+squeeze8")) flag++; if (deb_check(release:"6.0", prefix:"typo3-src-4.3", reference:"4.3.9+dfsg1-1+squeeze8")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-232.NASL description The Typo3 CMS versions were updated to receive security and bug fixes. - Raised to version 4.5.25 - bugfix: External URL regression by jumpurl security fix (Helmut Hummel), t3#46071 - Raised to version 4.5.24 - Raise submodule pointer (TYPO3 Release Team) - security: Open redirection with jumpurl (Franz G. Jahn), t3#28587, bnc#808528, CVE-2013-1843 - bugfix: Check minitems for TCAtree (Georg Ringer), t3#25003 - bugfix: Keep hyphens in custom HTML5 attributes (Jigal van Hemert), t3#34371 - Revert last seen 2020-06-05 modified 2014-06-13 plugin id 74935 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74935 title openSUSE Security Update : typo3-cms-4_5/typo3-cms-4_6/typo3-cms-4_7 (openSUSE-SU-2013:0510-1)
References
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- http://secunia.com/advisories/52433
- http://secunia.com/advisories/52638
- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
- http://www.debian.org/security/2013/dsa-2646
- http://www.openwall.com/lists/oss-security/2013/03/12/3
- http://www.osvdb.org/90924
- http://www.securityfocus.com/bid/58330