Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Typo3 | Typo3 | 4.5 (including) | 4.5 (including) |
| Typo3 | Typo3 | 4.5.0 (including) | 4.5.0 (including) |
| Typo3 | Typo3 | 4.5.1 (including) | 4.5.1 (including) |
| Typo3 | Typo3 | 4.5.2 (including) | 4.5.2 (including) |
| Typo3 | Typo3 | 4.5.3 (including) | 4.5.3 (including) |
| Typo3 | Typo3 | 4.5.4 (including) | 4.5.4 (including) |
| Typo3 | Typo3 | 4.5.5 (including) | 4.5.5 (including) |
| Typo3 | Typo3 | 4.5.6 (including) | 4.5.6 (including) |
| Typo3 | Typo3 | 4.5.7 (including) | 4.5.7 (including) |
| Typo3 | Typo3 | 4.5.8 (including) | 4.5.8 (including) |
| Typo3 | Typo3 | 4.5.9 (including) | 4.5.9 (including) |
| Typo3 | Typo3 | 4.5.10 (including) | 4.5.10 (including) |
| Typo3 | Typo3 | 4.5.11 (including) | 4.5.11 (including) |
| Typo3 | Typo3 | 4.5.12 (including) | 4.5.12 (including) |
| Typo3 | Typo3 | 4.5.13 (including) | 4.5.13 (including) |
| Typo3 | Typo3 | 4.5.14 (including) | 4.5.14 (including) |
| Typo3 | Typo3 | 4.5.15 (including) | 4.5.15 (including) |
| Typo3 | Typo3 | 4.5.16 (including) | 4.5.16 (including) |
| Typo3 | Typo3 | 4.5.17 (including) | 4.5.17 (including) |
| Typo3 | Typo3 | 4.5.18 (including) | 4.5.18 (including) |
| Typo3 | Typo3 | 4.5.19 (including) | 4.5.19 (including) |
| Typo3 | Typo3 | 4.5.22 (including) | 4.5.22 (including) |
| Typo3 | Typo3 | 4.5.23 (including) | 4.5.23 (including) |
| Typo3-src | Ubuntu | hardy | * |
| Typo3-src | Ubuntu | lucid | * |
| Typo3-src | Ubuntu | oneiric | * |
| Typo3-src | Ubuntu | precise | * |
| Typo3-src | Ubuntu | quantal | * |
| Typo3-src | Ubuntu | upstream | * |
References
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- http://secunia.com/advisories/52433
- http://secunia.com/advisories/52638
- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
- http://www.debian.org/security/2013/dsa-2646
- http://www.openwall.com/lists/oss-security/2013/03/12/3
- http://www.osvdb.org/90924
- http://www.securityfocus.com/bid/58330
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- http://secunia.com/advisories/52433
- http://secunia.com/advisories/52638
- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
- http://www.debian.org/security/2013/dsa-2646
- http://www.openwall.com/lists/oss-security/2013/03/12/3
- http://www.osvdb.org/90924
- http://www.securityfocus.com/bid/58330