CVE-2010-3714

Priority
Medium
Description
The jumpUrl (aka access tracking) implementation in
tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7,
and 4.4.x before 4.4.4 does not properly compare certain hash values during
access-control decisions, which allows remote attackers to read arbitrary
files via unspecified vectors.
References
Package
Upstream:released (4.4.4)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (4.5.2+dfsg1-1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (4.5.2+dfsg1-1)
Ubuntu 13.04 (Raring Ringtail):not-affected (4.5.2+dfsg1-1)
Ubuntu 13.10 (Saucy Salamander):not-affected (4.5.2+dfsg1-1)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected (4.5.2+dfsg1-1)
More Information

Valid XHTML 1.0 Strict

Updated: 2013-12-20 21:16:20 UTC (commit 7585)