CVE-2014-9508 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
typo3	typo3	4.5.0
typo3	typo3	4.5.1
typo3	typo3	4.5.2
typo3	typo3	4.5.3
typo3	typo3	4.5.4
typo3	typo3	4.5.5
typo3	typo3	4.5.6
typo3	typo3	4.5.7
typo3	typo3	4.5.8
typo3	typo3	4.5.9
typo3	typo3	4.5.10
typo3	typo3	4.5.11
typo3	typo3	4.5.12
typo3	typo3	4.5.13
typo3	typo3	4.5.14
typo3	typo3	4.5.15
typo3	typo3	4.5.16
typo3	typo3	4.5.17
typo3	typo3	4.5.18
typo3	typo3	4.5.19
typo3	typo3	4.5.20
typo3	typo3	4.5.21
typo3	typo3	4.5.22
typo3	typo3	4.5.23
typo3	typo3	4.5.24
typo3	typo3	4.5.25
typo3	typo3	4.5.26
typo3	typo3	4.5.27
typo3	typo3	4.5.28
typo3	typo3	4.5.29
typo3	typo3	4.5.30
typo3	typo3	4.5.31
typo3	typo3	4.5.32
typo3	typo3	4.5.33
typo3	typo3	4.5.34
typo3	typo3	4.5.35
typo3	typo3	4.5.36
typo3	typo3	4.5.37
typo3	typo3	4.5.38
typo3	typo3	4.6.0
typo3	typo3	4.6.1
typo3	typo3	4.6.2
typo3	typo3	4.6.3
typo3	typo3	4.6.4
typo3	typo3	4.6.5
typo3	typo3	4.6.6
typo3	typo3	4.6.7
typo3	typo3	4.6.8
typo3	typo3	4.6.9
typo3	typo3	4.6.10
typo3	typo3	4.6.11
typo3	typo3	4.6.12
typo3	typo3	4.6.13
typo3	typo3	4.6.14
typo3	typo3	4.6.15
typo3	typo3	4.6.16
typo3	typo3	4.6.17
typo3	typo3	4.6.18
typo3	typo3	4.7.0
typo3	typo3	4.7.1
typo3	typo3	4.7.2
typo3	typo3	4.7.3
typo3	typo3	4.7.4
typo3	typo3	4.7.5
typo3	typo3	4.7.6
typo3	typo3	4.7.7
typo3	typo3	4.7.8
typo3	typo3	4.7.9
typo3	typo3	4.7.10
typo3	typo3	4.7.11
typo3	typo3	4.7.12
typo3	typo3	4.7.13
typo3	typo3	4.7.14
typo3	typo3	4.7.15
typo3	typo3	4.7.16
typo3	typo3	4.7.17
typo3	typo3	4.7.18
typo3	typo3	4.7.19
typo3	typo3	4.7.20
typo3	typo3	6.0
typo3	typo3	6.0.1
typo3	typo3	6.0.2
typo3	typo3	6.0.3
typo3	typo3	6.0.4
typo3	typo3	6.0.5
typo3	typo3	6.0.6
typo3	typo3	6.0.7
typo3	typo3	6.0.8
typo3	typo3	6.0.9
typo3	typo3	6.0.10
typo3	typo3	6.0.11
typo3	typo3	6.0.12
typo3	typo3	6.0.13
typo3	typo3	6.0.14
typo3	typo3	6.1
typo3	typo3	6.1.1
typo3	typo3	6.1.2
typo3	typo3	6.1.3
typo3	typo3	6.1.4
typo3	typo3	6.1.5
typo3	typo3	6.1.6
typo3	typo3	6.1.7
typo3	typo3	6.1.8
typo3	typo3	6.1.9
typo3	typo3	6.2
typo3	typo3	6.2.0:beta1
typo3	typo3	6.2.0:beta2
typo3	typo3	6.2.0:beta3
typo3	typo3	6.2.1
typo3	typo3	6.2.2
typo3	typo3	6.2.3
typo3	typo3	6.2.4
typo3	typo3	6.2.5
typo3	typo3	6.2.6
typo3	typo3	6.2.7
typo3	typo3	6.2.8
typo3	typo3	7.0.0
typo3	typo3	7.0.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

typo3-src

artful	dne
bionic	dne
cosmic	dne
disco	dne
lucid	ignored
precise	ignored
trusty	dne
utopic	ignored
vivid	ignored
wily	dne
xenial	dne
yakkety	dne
zesty	dne

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/

http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/