Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2010-3714

Date: October 25, 2010

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Language: PHP

Severity Score

Related Resources (13)

http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/
https://github.com/TYPO3/typo3/commit/687b671c765eac10ffb764547bb403ac3ef55620
http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
http://www.exploit-db.com/exploits/15856
http://www.securityfocus.com/bid/43786
http://www.debian.org/security/2010/dsa-2121
https://github.com/TYPO3/typo3/commit/d95f06f633fd2c289b544f6d5907b789eae6cccb
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020
https://nvd.nist.gov/vuln/detail/CVE-2010-3714
https://github.com/TYPO3/typo3/commit/a8ccd387cafd2c2c338fc29109c16418f7657229
https://github.com/TYPO3/typo3
https://web.archive.org/web/20111220151231/http://www.securityfocus.com/bid/43786
https://www.mend.io/vulnerability-database/CVE-2010-3714

Severity Score

Weakness Type (CWE)

Improper Access Control

CWE-284

Permissions, Privileges, and Access Control

CWE-264

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): COMPLETE
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us