CVE-2009-0256
TYPO3 4.0.0-4.0.9 4.1.0-4.1.7 4.2.0-4.2.3 - Session Fixation via Frontend and Backend Authentication
Title source: llmDescription
Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33617
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1711
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33376
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33679
Scores
EPSS
0.0091
EPSS Percentile
76.1%
Details
CWE
CWE-287
Status
published
Products (23)
typo3/cms
4.0.0 - 4.0.10Packagist
typo3/typo3
4.0
typo3/typo3
4.0.1
typo3/typo3
4.0.2
typo3/typo3
4.0.3
typo3/typo3
4.0.4
typo3/typo3
4.0.5
typo3/typo3
4.0.6
typo3/typo3
4.0.7
typo3/typo3
4.0.8
... and 13 more
Published
Jan 22, 2009
Tracked Since
Feb 18, 2026