CVE-2010-3663

{"id": "CVE-2010-3663", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2019-11-04T22:15:10.530", "references": [{"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2010-3663", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend."}, {"lang": "es", "value": "TYPO3 versiones anteriores a la versi\u00f3n 4.1.14, versiones 4.2.x anteriores a la versi\u00f3n 4.2.13, versiones 4.3.x anteriores a la versi\u00f3n 4.3.4 y versiones 4.4.x anteriores a la versi\u00f3n 4.4.1, contiene un valor predeterminado no seguro de la variable fileDenyPattern lo que podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario en el backend ."}], "lastModified": "2019-11-05T17:51:49.200", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FC34E49-A07C-4F08-80FE-2DE14E8B7A77", "versionEndExcluding": "4.1.14"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82040DD2-205F-477D-8D55-95852AAF7AEA", "versionEndExcluding": "4.2.13", "versionStartIncluding": "4.2.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B078FF4B-67AF-419E-995B-2715FCC97493", "versionEndExcluding": "4.3.4", "versionStartIncluding": "4.3.0"}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18896C89-53F0-4ACA-B3B2-90E0811CBBC3", "versionEndExcluding": "4.4.1", "versionStartIncluding": "4.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}