CVE-2009-0256

TYPO3 <4.2.3 - Session Fixation

Description

Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.

Scores

EPSS 0.0091
EPSS Percentile 75.6%

Classification

CWE
CWE-287
Status draft

Affected Products (25)

typo3/typo3 (15 identical entries shown, and 10 more)

Timeline

Published Jan 22, 2009
Tracked Since Feb 18, 2026