CVE-2009-0255

7.5 HIGH

Published: January 22, 2009 Modified: April 23, 2026

Description

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/33617

Source: cve@mitre.org

Broken Link Vendor Advisory

http://secunia.com/advisories/33679

Source: cve@mitre.org

Broken Link Vendor Advisory

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

Source: cve@mitre.org

Vendor Advisory

http://www.debian.org/security/2009/dsa-1711

Source: cve@mitre.org

Mailing List

http://www.securityfocus.com/bid/33376

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

https://exchange.xforce.ibmcloud.com/vulnerabilities/48132

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://secunia.com/advisories/33617