CVE-2012-1605
N/A
N/A
Summary
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.openwall.com/lists/oss-security/2012/03/30/4
- http://www.osvdb.org/80759
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
- http://www.securityfocus.com/bid/52771
References
- http://www.openwall.com/lists/oss-security/2012/03/30/4
- http://www.osvdb.org/80759
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
- http://www.securityfocus.com/bid/52771
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.