fkie_cve-2010-5099
Vulnerability from fkie_nvd
Published: 2012-05-30 20:55
Modified: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P)
Summary
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
References

Source: secalert@redhat.com
  • http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html (Exploit)
  • http://secunia.com/advisories/35770 (Vendor Advisory)
  • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ (Vendor Advisory)
  • http://www.exploit-db.com/exploits/15856 (Exploit)
  • http://www.openwall.com/lists/oss-security/2011/01/13/2
  • http://www.openwall.com/lists/oss-security/2012/05/10/7
  • http://www.openwall.com/lists/oss-security/2012/05/11/3
  • http://www.openwall.com/lists/oss-security/2012/05/12/5
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/64180

Source: af854a3a-2127-422b-91ae-364da2661108
  • http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html (Exploit)
  • http://secunia.com/advisories/35770 (Vendor Advisory)
  • http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/ (Vendor Advisory)
  • http://www.exploit-db.com/exploits/15856 (Exploit)
  • http://www.openwall.com/lists/oss-security/2011/01/13/2
  • http://www.openwall.com/lists/oss-security/2012/05/10/7
  • http://www.openwall.com/lists/oss-security/2012/05/11/3
  • http://www.openwall.com/lists/oss-security/2012/05/12/5
  • https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
Impacted products (vendor, product, version)
typo3 typo3 4.2.0
typo3 typo3 4.2.1
typo3 typo3 4.2.2
typo3 typo3 4.2.3
typo3 typo3 4.2.4
typo3 typo3 4.2.5
typo3 typo3 4.2.6
typo3 typo3 4.2.7
typo3 typo3 4.2.8
typo3 typo3 4.2.9
typo3 typo3 4.2.10
typo3 typo3 4.2.11
typo3 typo3 4.2.12
typo3 typo3 4.2.13
typo3 typo3 4.2.14
typo3 typo3 4.2.15
typo3 typo3 4.3.0
typo3 typo3 4.3.1
typo3 typo3 4.3.2
typo3 typo3 4.3.3
typo3 typo3 4.3.4
typo3 typo3 4.3.5
typo3 typo3 4.3.6
typo3 typo3 4.3.7
typo3 typo3 4.3.8
typo3 typo3 4.4.0
typo3 typo3 4.4.1
typo3 typo3 4.4.2
typo3 typo3 4.4.3
typo3 typo3 4.4.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A60F86FA-B7D3-4BE5-82F2-05F2A5F5663D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php."
    },
    {
      "lang": "es",
      "value": "La funcionalidad fileDenyPattern en la API de protecci\u00f3n de inclusi\u00f3n de archivos en TYPO3 v4.2.x antes de v4.2.16, v4.3.x antes de v4.3.9, y 4.4.x antes v4.4.5, no filtra correctamente los tipos de archivos, lo que permite a atacantes remotos evitar restricciones de acceso y acceder a archivos arbitrarios de PHP, como se ha demostrado utilizando secuencias de rutas transversales con bytes nulos 00% y CVE-2010-3714 para leer la clave de cifrado TYPO3 de localconf.php."
    }
  ],
  "id": "CVE-2010-5099",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-30T20:55:02.847",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35770"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15856"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/35770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/15856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

