7.5

CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Typo3Typo3 Version >= 4.0 < 4.0.10
Typo3Typo3 Version >= 4.1.0 < 4.1.8
Typo3Typo3 Version >= 4.2.0 < 4.2.4
DebianDebian Linux Version4.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.44% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-330 Use of Insufficiently Random Values

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

http://secunia.com/advisories/33617
Vendor Advisory
Broken Link
http://secunia.com/advisories/33679
Vendor Advisory
Broken Link
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
Vendor Advisory
http://www.debian.org/security/2009/dsa-1711
Mailing List
http://www.securityfocus.com/bid/33376
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132
Third Party Advisory
VDB Entry