logo

Database

Session Fixation In typo3/cms-install

Description

TYPO3 is vulnerable to Session Fixation TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 is open to a session fixation attack which allows remote attackers to hijack a victim's session.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2010-36712. NVD-2010-36713. OSV-2010-36714. GCVE-2010-36715. SECURITY-TRACKER-CVE-2010-3671

References

1. https://github.com/TYPO3/typo3/commit/199cc2d53747d76657d7aab612c6b3f728d0f15d2. https://github.com/TYPO3/typo3/commit/1d649976e1f1bda684cdc7120e9f74a5430591813. https://github.com/TYPO3/typo3/commit/d3577c8e2c49122c4ab5955c70688ee441d06f234. https://github.com/TYPO3/typo3/commit/ef3676281b0346644041a93fcbaa7bd9844bbbc55. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5907196. https://typo3.org/security/advisory/typo3-sa-2010-012/#Broken_Authentication_and_Session_Management

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.