CVE-2009-0255

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

History

21 Nov 2024, 00:59

Type Values Removed Values Added
References () http://secunia.com/advisories/33617 - Broken Link, Vendor Advisory () http://secunia.com/advisories/33617 - Broken Link, Vendor Advisory
References () http://secunia.com/advisories/33679 - Broken Link, Vendor Advisory () http://secunia.com/advisories/33679 - Broken Link, Vendor Advisory
References () http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ - Vendor Advisory () http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/ - Vendor Advisory
References () http://www.debian.org/security/2009/dsa-1711 - Mailing List () http://www.debian.org/security/2009/dsa-1711 - Mailing List
References () http://www.securityfocus.com/bid/33376 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/33376 - Broken Link, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 - Third Party Advisory, VDB Entry

14 Feb 2024, 16:10

Type Values Removed Values Added
References (BID) http://www.securityfocus.com/bid/33376 - (BID) http://www.securityfocus.com/bid/33376 - Broken Link, Third Party Advisory, VDB Entry
References (DEBIAN) http://www.debian.org/security/2009/dsa-1711 - (DEBIAN) http://www.debian.org/security/2009/dsa-1711 - Mailing List
References (SECUNIA) http://secunia.com/advisories/33617 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/33617 - Broken Link, Vendor Advisory
References (SECUNIA) http://secunia.com/advisories/33679 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/33679 - Broken Link, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/48132 - Third Party Advisory, VDB Entry
CPE cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
CVSS v2 : 5.0
v3 : unknown
v2 : 5.0
v3 : 7.5
First Time Debian
Debian debian Linux
CWE CWE-310 CWE-330

Information

Published : 2009-01-22 23:30

Updated : 2025-04-09 00:30


NVD link : CVE-2009-0255

Mitre link : CVE-2009-0255

CVE.ORG link : CVE-2009-0255


JSON object : View

Products Affected

typo3

  • typo3

debian

  • debian_linux
CWE
CWE-330

Use of Insufficiently Random Values