Vulnerabilities > CVE-2013-6288 - Cross Site Scripting and PHP Code Execution vulnerability in TYPO3 Apache Solr

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

ingo-renner

typo3

critical

NVD

Published: 2013-10-28

Updated: 2013-11-03

Summary

Unspecified vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."

Vulnerable Configurations

Part	Description	Count
Application	Ingo_Renner Ingo Renner Apache Solr 1.0 Ingo Renner Apache Solr 1.3.0 Ingo Renner Apache Solr 1.3.1 Ingo Renner Apache Solr 2.1.0 Ingo Renner Apache Solr 2.2.0 Ingo Renner Apache Solr 2.2.1 Ingo Renner Apache Solr 2.2.2 Ingo Renner Apache Solr 2.8.0 Ingo Renner Apache Solr 2.8.1 Ingo Renner Apache Solr 2.8.2	10
Application	Typo3 Typo3 Typo3 -	1

References

http://secunia.com/advisories/54978
http://typo3.org/extensions/repository/view/solr
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009/
http://www.securityfocus.com/bid/62674