Vulnerability Description
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dynamic Content Elements Project | Dynamic Content Elements | >= 0.7.0, <= 0.7.5 |
Related Weaknesses (CWE)
References
- http://typo3.org/extensions/repository/view/dceVendor Advisory
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-saVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97673VDB Entry
- http://typo3.org/extensions/repository/view/dceVendor Advisory
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-saVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/97673VDB Entry
FAQ
What is CVE-2014-8328?
CVE-2014-8328 is a vulnerability with a CVSS score of 5.3 (MEDIUM). The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update...
How severe is CVE-2014-8328?
CVE-2014-8328 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8328?
Check the references section above for vendor advisories and patch information. Affected products include: Dynamic Content Elements Project Dynamic Content Elements.