Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0815 — Sensitive Information Exposure in CMS

CWE-200 — Sensitive Information Exposure CWE-209 — Information Exposure via Error Message10 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

49.8%

top 2.18%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Typo3 CMS Typo3

Timeline

PublishedMar 5

Latest updateMay 2

Description

The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Packagisttypo3/cms3.3 — 4.0.12+2

▶NVDtypo3/typo324 versions+23

Patches

Patch: typo3.org ↗Patch: www.debian.org ↗Patch: typo3.org ↗

🔴Vulnerability Details

GHSA

TYPO3 leaks a hash secret in an error message↗2022-05-02

▶

OSV

TYPO3 leaks a hash secret in an error message↗2022-05-02

▶

CVEList

CVE-2009-0815: The jumpUrl mechanism in class↗2009-03-05

▶

💥Exploits & PoCs

Exploit-DB

Multiple Vendor - PF Null Pointer Dereference↗2009-04-30

▶

Exploit-DB

OpenBSD 4.5 - IP datagrams Remote Denial of Service↗2009-04-13

▶

Exploit-DB

Gigaset SE461 WiMAX Router - Remote Denial of Service↗2009-03-23

▶

Exploit-DB

TYPO3 < 4.0.12/4.1.10/4.2.6 - 'jumpUrl' Remote File Disclosure↗2009-02-10

▶

Exploit-DB

Netgear SSL312 Router - Denial of Service↗2009-02-09

▶