Typo3 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an error in the jumpUrl mechanism, which will disclose a hash secret, allowing for arbitrary file access, resulting in a loss of confidentiality.
Classification
Location:
Remote / Network Access
Attack Type:
Input Manipulation
Impact:
Loss of Confidentiality
Solution:
Upgrade
Exploit:
Exploit Public
Disclosure:
Vendor Verified
OSVDB:
Web Related
Solution
Upgrade to version 4.0.12, 4.1.10 or 4.2.6 or higher, as it has been reported to fix this vulnerability. In addition, the vendor has released a patch for some older versions.
This product uses the Daylife API but is not endorsed or certified by Daylife.
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.