Info

Disclosure

Jan 20, 2006

Discovery

Unknown

Dates

Exploit

Jan 20, 2006

Solution

Unknown

Description

TYPO3 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker direclty requests the 't3lib/stddb/tables.php' script, which will result in a failure to access certain include files. This will disclose the software's installation path in an error message, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, TYPO3 has released a patch to address this vulnerability.

Products

TYPO3

3.7.1

References

Secunia Advisory ID: 18546
CVE ID: 2006-0327 (see also: NVD)
Related OSVDB ID: 22665 22666
FrSIRT Advisory: ADV-2006-0269
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-01/0334.html
Vendor Specific News/Changelog Entry: http://bugs.typo3.org/view.php?id=2248
Other Advisory URL: http://www.irmplc.com/advisory015.htm [ Link is 404 ]
http://www.irmplc.com/index.php/126-Advisory-015
Keyword: IRM Security Advisory No. 015

Credit

Rodrigo Marcos - advisoriesirmplc.com - Information Risk Management

Direct URL: http://osvdb.org/36218