Published: 25/10/2010 Updated: 27/10/2010

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

The t3lib_div::validEmail function in TYPO3 4.2.x prior to 4.2.15, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.4 does not properly restrict input to filter_var FILTER_VALIDATE_EMAIL operations in PHP, which allows remote malicious users to cause a denial of service (memory consumption and application crash) via a long e-mail address string, a related issue to CVE-2010-3710.

Vulnerable Product	Search on Vulmon	Subscribe to Product
typo3 typo3 4.2.6
typo3 typo3 4.2.7
typo3 typo3 4.2.8
typo3 typo3 4.2.9
typo3 typo3 4.2.0
typo3 typo3 4.3.4
typo3 typo3 4.3.5
typo3 typo3 4.3.6
typo3 typo3 4.4
typo3 typo3 4.2.3
typo3 typo3 4.2.2
typo3 typo3 4.2.4
typo3 typo3 4.3.1
typo3 typo3 4.3.3
typo3 typo3 4.4.1
typo3 typo3 4.4.3
typo3 typo3 4.2.11
typo3 typo3 4.2.12
typo3 typo3 4.2.13
typo3 typo3 4.2.14
typo3 typo3 4.2.5
typo3 typo3 4.2.1
typo3 typo3 4.2.10
typo3 typo3 4.3.0
typo3 typo3 4.3.2
typo3 typo3 4.4.2

Several remote vulnerabilities have been discovered in TYPO3 The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3714 Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web ...

CWE-264 http://www.securityfocus.com/bid/43786 http://www.debian.org/security/2010/dsa-2121 http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/https://nvd.nist.gov https://www.debian.org/security/./dsa-2121

CVE-2010-3717

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect