CVE-2010-3714

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Typo3	Typo3	4.2.0 (including)	4.2.0 (including)
Typo3	Typo3	4.2.1 (including)	4.2.1 (including)
Typo3	Typo3	4.2.2 (including)	4.2.2 (including)
Typo3	Typo3	4.2.3 (including)	4.2.3 (including)
Typo3	Typo3	4.2.4 (including)	4.2.4 (including)
Typo3	Typo3	4.2.5 (including)	4.2.5 (including)
Typo3	Typo3	4.2.6 (including)	4.2.6 (including)
Typo3	Typo3	4.2.7 (including)	4.2.7 (including)
Typo3	Typo3	4.2.8 (including)	4.2.8 (including)
Typo3	Typo3	4.2.9 (including)	4.2.9 (including)
Typo3	Typo3	4.2.10 (including)	4.2.10 (including)
Typo3	Typo3	4.2.11 (including)	4.2.11 (including)
Typo3	Typo3	4.2.12 (including)	4.2.12 (including)
Typo3	Typo3	4.2.13 (including)	4.2.13 (including)
Typo3	Typo3	4.2.14 (including)	4.2.14 (including)
Typo3	Typo3	4.3.0 (including)	4.3.0 (including)
Typo3	Typo3	4.3.1 (including)	4.3.1 (including)
Typo3	Typo3	4.3.2 (including)	4.3.2 (including)
Typo3	Typo3	4.3.3 (including)	4.3.3 (including)
Typo3	Typo3	4.3.4 (including)	4.3.4 (including)
Typo3	Typo3	4.3.5 (including)	4.3.5 (including)
Typo3	Typo3	4.3.6 (including)	4.3.6 (including)
Typo3	Typo3	4.4 (including)	4.4 (including)
Typo3	Typo3	4.4.1 (including)	4.4.1 (including)
Typo3	Typo3	4.4.2 (including)	4.4.2 (including)
Typo3	Typo3	4.4.3 (including)	4.4.3 (including)
Typo3-src	Ubuntu	dapper	*
Typo3-src	Ubuntu	hardy	*
Typo3-src	Ubuntu	jaunty	*
Typo3-src	Ubuntu	karmic	*
Typo3-src	Ubuntu	lucid	*
Typo3-src	Ubuntu	maverick	*
Typo3-src	Ubuntu	natty	*
Typo3-src	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2010-3714
CWE	https://cwe.mitre.org/data/definitions/264.html

Affected Software

References