Vulnerability Details : CVE-2009-0815

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.

Vulnerability category: Information leak

Published 2009-03-05 02:30:01

Updated 2010-04-27 04:00:00

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-0815

Probability of exploitation activity in the next 30 days: 16.71%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2009-0815

Typo3 sa-2009-002 File Disclosure

Disclosure Date : 2009-02-10

auxiliary/admin/http/typo3_sa_2009_002

This module exploits a file disclosure vulnerability in the jumpUrl mechanism of Typo3. This flaw can be used to read any file that the web server user account has access to. Authors: - spinbad <[email protected]>

More information

CVSS scores for CVE-2009-0815

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	[email protected]
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-0815

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: [email protected] (Primary)

References for CVE-2009-0815

Products affected by CVE-2009-0815

Typo3 » Typo3 » Version: 4.0
cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.2
cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.3
cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1
cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.4
cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.5
cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.6
cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2
cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2.2
cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2.1
cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2.0
cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.0
cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.7
cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2.3
cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 3.6.x
cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 3.8.x
cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2.4
cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.2.5
cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.3 Update Alpha1
cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 3.7.x
cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.8
cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 3.3.x
cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 3.5.x
cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*
Matching versions
Typo3 » Typo3 » Version: 4.1.9
cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*
Matching versions