In association with heise online

09 August 2011, 11:05

TYPO3 updates plug multiple security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

TYPO3 Logo The TYPO3 developers have announced that they have found and closed a number of holes in their open source content management system (CMS). These security vulnerabilities, many rated as "High" severity, include cross-site scripting (XSS), information disclosure, unserialize() and authentication delay bypass holes.

These bugs could be exploited by an attacker to, for example, bypass security restrictions, insert scripts, access system information, delete files or conduct XSS attacks. Versions up to and including 4.3.11, 4.4.8 and 4.5.3 of TYPO3 are affected.

Versions 4.3.12, 4.4.9 and 4.5.4 of TYPO3 have been released to address these issues and are available to download from the TYPO3 web site. Administrators are advised to install the updates as soon as possible.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1320108
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit