ID CVE-2013-1843
Summary Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 05-06-2013 - 03:42)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:N
refmap via4
bid 58330
confirm http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
debian DSA-2646
mlist [oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection
osvdb 90924
secunia
  • 52433
  • 52638
suse openSUSE-SU-2013:0510
Last major update 05-06-2013 - 03:42
Published 20-03-2013 - 15:55
Last modified 05-06-2013 - 03:42