{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-12-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01.000Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"}, {"name": "70119", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/70119"}, {"name": "45470", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/45470"}, {"name": "typo3-unspecified-file-include(64180)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"}, {"name": "35770", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35770"}, {"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"}, {"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"}, {"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"}, {"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-5101", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/", "refsource": "CONFIRM", "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"}, {"name": "70119", "refsource": "OSVDB", "url": "http://www.osvdb.org/70119"}, {"name": "45470", "refsource": "BID", "url": "http://www.securityfocus.com/bid/45470"}, {"name": "typo3-unspecified-file-include(64180)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"}, {"name": "35770", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35770"}, {"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"}, {"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"}, {"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"}, {"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:09:39.109Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"}, {"name": "70119", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/70119"}, {"name": "45470", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/45470"}, {"name": "typo3-unspecified-file-include(64180)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"}, {"name": "35770", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35770"}, {"name": "[oss-security] 20120512 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"}, {"name": "[oss-security] 20110113 CVE requests: ftpls, xdigger, lbreakout2, calibre, typo3", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"}, {"name": "[oss-security] 20120510 Re: CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"}, {"name": "[oss-security] 20120511 CVE-request: TYPO3 TYPO3-SA-2010-022 still without CVE", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-5101", "datePublished": "2012-05-21T20:00:00.000Z", "dateReserved": "2012-04-30T00:00:00.000Z", "dateUpdated": "2024-08-07T04:09:39.109Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FFAD319-DDFC-499F-86AB-141FBE435F6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E068CC16-6995-40C6-BA24-9CA334C4CABB", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "E3B79B49-B4A1-472D-9F6E-BF9ADA3E2EC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "26DF36E3-785F-4515-8999-BF48A255907F", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "F143436A-848B-443F-95E2-B20BC2403CDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "EB5B21D3-7955-450F-8357-A37905B963B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "2CC67810-D2C5-4242-ACF2-CF7E9C56D7FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "E485652B-FDE0-44C1-83F5-D22B16BEBB34", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "E3A987C0-51DF-464C-8F4D-03C9CAD256EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "718E405D-4127-4D0E-85BB-83800264AD61", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "AF72642B-8766-44A3-8CB0-D094929AAA6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "DF56D768-6D41-472D-AA42-0C209534AB30", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6066CFA2-202E-43A3-B1DF-36364ABD5A1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "13C922A9-05A3-4D98-A568-F780CCA87E39", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "44E9893A-2771-4C04-9F90-B10EE659088E", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "31DA3600-C955-46B0-8BD9-C9B3FC0B81EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "C7ED0C04-33BA-4F9B-97B0-BB5D30C2A0D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*", "matchCriteriaId": "4E40CC0D-E7EF-4800-AC0B-5AF603B8BC6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*", "matchCriteriaId": "16759F16-34C6-4C2C-BECB-12555EEEBDA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*", "matchCriteriaId": "EBB331CC-3125-454E-BCBE-B85540B62110", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*", "matchCriteriaId": "E9B46AB0-D925-4E74-8D15-40EE3BC0B14A", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "A9319A96-D510-47DB-9DBC-C16C0947E4C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "40E0FDF1-E63C-48C9-98E2-55E3FD891882", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "E6D22400-E6A1-4C3A-B16F-E14672B86D14", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "2DFA0996-4839-4FDB-9B9D-5F8424946F9A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\""}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en la configuraci\u00f3n de TypoScript en TYPO3 v4.2.x y anteriores a v4.2.16, v4.3.x y anteriores a v4.3.9, y v4.4.x anteriores a v4.4.5. permite a administradores remotos autenticados leer ficheros arbitrarios a trav\u00e9s de vectores no especificados y relacionados con la \"funcionalidad de inclusi\u00f3n de fichero\"."}], "id": "CVE-2010-5101", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2012-05-21T20:55:16.710", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35770"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"}, {"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"}, {"source": "secalert@redhat.com", "url": "http://www.osvdb.org/70119"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/45470"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/01/13/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/10/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/11/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/12/5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/70119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/45470"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}