Vulnerability Description
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | 4.4 |
Related Weaknesses (CWE)
References
- http://osvdb.org/80761
- http://secunia.com/advisories/48622Vendor Advisory
- http://secunia.com/advisories/48647Vendor Advisory
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012Vendor Advisory
- http://www.debian.org/security/2012/dsa-2445
- http://www.openwall.com/lists/oss-security/2012/03/30/4
- http://www.securityfocus.com/bid/52771
- http://osvdb.org/80761
- http://secunia.com/advisories/48622Vendor Advisory
- http://secunia.com/advisories/48647Vendor Advisory
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012Vendor Advisory
- http://www.debian.org/security/2012/dsa-2445
- http://www.openwall.com/lists/oss-security/2012/03/30/4
- http://www.securityfocus.com/bid/52771
FAQ
What is CVE-2012-1607?
CVE-2012-1607 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
How severe is CVE-2012-1607?
CVE-2012-1607 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1607?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3.