CVE-2010-3714
Priority
Medium
Description
The jumpUrl (aka access tracking) implementation in
tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7,
and 4.4.x before 4.4.4 does not properly compare certain hash values during
access-control decisions, which allows remote attackers to read arbitrary
files via unspecified vectors.
tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7,
and 4.4.x before 4.4.4 does not properly compare certain hash values during
access-control decisions, which allows remote attackers to read arbitrary
files via unspecified vectors.
Package
| Upstream: | released (4.4.4) |
| Ubuntu 8.04 LTS (Hardy Heron): | ignored (reached end-of-life) |
| Ubuntu 10.04 LTS (Lucid Lynx): | needs-triage |
| Ubuntu 11.10 (Oneiric Ocelot): | not-affected (4.5.2+dfsg1-1) |
| Ubuntu 12.04 LTS (Precise Pangolin): | not-affected (4.5.2+dfsg1-1) |
| Ubuntu 12.10 (Quantal Quetzal): | not-affected (4.5.2+dfsg1-1) |
| Ubuntu 13.04 (Raring Ringtail): | not-affected (4.5.2+dfsg1-1) |