CVE-2009-0815
TYPO3 leaks a hash secret in an error message
EPSS 52.8%
Description
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
How to fix CVE-2009-0815
To remediate CVE-2009-0815, upgrade the affected package to a fixed version below.
- Debian/typo3-src—upgrade to 4.2.5-1+lenny1 or later
- Packagist/typo3/cms—upgrade to 4.0.12 or later
Is CVE-2009-0815 being exploited?
Likely — EPSS is 52.8%, placing CVE-2009-0815 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 4.2.5-1+lenny1
- >= 3.3, < 4.0.12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |