OSVDB ID: 80759

Title: TYPO3 Extbase Framework Missing HMAC Arbitrary Object Unserialization Weakness

Info

Disclosure

Mar 28, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Mar 28, 2012

Description

TYPO3 Extbase Framework contains an issue related to a missing HMAC signature for a request argument, which may allow a remote attacker to unserialize arbitrary objects.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

Upgrade to version 4.6.7 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

TYPO3 Association	TYPO3	4.6.1
		4.6.6
		4.6.2
		4.6.3
		4.6.4
		4.6.5
		4.6.0

References

CVE ID: 2012-1605 (see also: NVD)
Bugtraq ID: 52771
Related OSVDB ID: 80760 80761 80762
Vendor Specific Advisory URL: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
Mail List Post: http://www.openwall.com/lists/oss-security/2012/03/30/4

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/80759

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

TYPO3 Association

TYPO3

References

Credit