7.5
CVE-2009-0255
- EPSS 9.44%
- Veröffentlicht 22.01.2009 23:30:00
- Zuletzt bearbeitet 16.06.2026 23:04:35
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 9.44% | 0.948 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-330 Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
http://secunia.com/advisories/33617
http://secunia.com/advisories/33679
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
http://www.debian.org/security/2009/dsa-1711
http://www.securityfocus.com/bid/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132