Vulnerability Description
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 4.0, < 4.0.10 |
| Debian | Debian Linux | 4.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/33617Broken LinkVendor Advisory
- http://secunia.com/advisories/33679Broken LinkVendor Advisory
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/Vendor Advisory
- http://www.debian.org/security/2009/dsa-1711Mailing List
- http://www.securityfocus.com/bid/33376Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48132Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/33617Broken LinkVendor Advisory
- http://secunia.com/advisories/33679Broken LinkVendor Advisory
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/Vendor Advisory
- http://www.debian.org/security/2009/dsa-1711Mailing List
- http://www.securityfocus.com/bid/33376Broken LinkThird Party AdvisoryVDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48132Third Party AdvisoryVDB Entry
FAQ
What is CVE-2009-0255?
CVE-2009-0255 is a vulnerability with a CVSS score of 7.5 (HIGH). The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for at...
How severe is CVE-2009-0255?
CVE-2009-0255 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0255?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3, Debian Debian Linux.