The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2009-03-05T02:00:00
Updated: 2010-04-27T09:00:00
Reserved: 2009-03-04T00:00:00
Link: CVE-2009-0815
JSON object: View
NVD Information
Status : Analyzed
Published: 2009-03-05T02:30:00.563
Modified: 2010-04-27T04:00:00.000
Link: CVE-2009-0815
JSON object: View
Redhat Information
No data.
CWE