CVE-2009-0256 — Improper Authentication in CMS

CWE-287 — Improper Authentication CWE-384 — Session Fixation4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.9%

top 24.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 CMS Typo3

Timeline

PublishedJan 22

Latest updateMay 2

Description

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Packagisttypo3/cms4.0.0 — 4.0.10+2

▶NVDtypo3/typo322 versions+21

🔴Vulnerability Details

GHSA

Authentication library in TYPO3 vulnerable to session fixation↗2022-05-02

▶

OSV

Authentication library in TYPO3 vulnerable to session fixation↗2022-05-02

▶

CVEList

CVE-2009-0256: Session fixation vulnerability in the authentication library in TYPO3 4↗2009-01-22

▶