Published: 22/01/2009 Updated: 14/02/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 540

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The System extension Install tool in TYPO3 4.0.0 up to and including 4.0.9, 4.1.0 up to and including 4.1.7, and 4.2.0 up to and including 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for malicious users to crack the key.

Vulnerable Product	Search on Vulmon	Subscribe to Product
typo3 typo3
debian debian linux 4.0

Several remotely exploitable vulnerabilities have been discovered in the TYPO3 web content management framework The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0255 Chris John Riley discovered that the TYPO3-wide used encryption key is generated with an insufficiently random seed resulting in l ...

CWE-330 http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/http://www.securityfocus.com/bid/33376 http://secunia.com/advisories/33617 http://secunia.com/advisories/33679 http://www.debian.org/security/2009/dsa-1711 https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 https://www.debian.org/security/./dsa-1711 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-0255

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect