Monday, 23 February 2015

TYPO3 Warns Of Critical Vulnerability In CMS


The developers of the popular content management system (CMS) TYPO3 have warned of a critical flaw in the software that only can be logged in with a user name. To also carry out the attack, the CMS software must be set in a certain way.

The system extension must "rsaauth" are loaded and configured in a particular way for frontend use. Furthermore, there must be a vulnerable CMS version installed. The leak, which has not yet CVE number, is present in versions 4.3.0 t / m 4.3.14, 4.4.0 t / m 4.4.15, 4.5.0 t / m 5.4.39 and 4.6.0 t / m 04/06/18. Users have strongly advised to upgrade to 5.4.40 or use a specially crafted shell script that vulnerable TYPO3 versions patches.

1 comment:

  1. I really appreciate information shared above. It’s of great help. If someone want to learn Online (Virtual) instructor lead live training in Typo3, kindly contact us http://www.maxmunus.com/contact
    MaxMunus Offer World Class Virtual Instructor led training on Typo3. We have industry expert trainer. We provide Training Material and Software Support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australlia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us:
    Name : Arunkumar U
    Email : arun@maxmunus.com
    Skype id: training_maxmunus
    Contact No.-+91-9738507310
    Company Website –http://www.maxmunus.com


    ReplyDelete