CVE-2012-1605

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
VendorProductVersion
typo3typo3
4.6
typo3typo3
4.6.0
typo3typo3
4.6.1
typo3typo3
4.6.2
typo3typo3
4.6.3
typo3typo3
4.6.4
typo3typo3
4.6.5
typo3typo3
4.6.6
typo3typo3
4.7
typo3typo3
6.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
typo3-src
saucy
not-affected
raring
not-affected
quantal
not-affected
precise
not-affected
oneiric
not-affected
natty
ignored
maverick
ignored
lucid
ignored
hardy
ignored
References
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
http://www.openwall.com/lists/oss-security/2012/03/30/4
http://www.osvdb.org/80759
http://www.securityfocus.com/bid/52771
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
http://www.openwall.com/lists/oss-security/2012/03/30/4
http://www.osvdb.org/80759
http://www.securityfocus.com/bid/52771