CVE-2014-8325
high
CVSS v3
—
CVSS v2
7.8
VIR risk
7.8
Description
The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: cve@mitre.org — http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-013/
Vendor advisory: cve@mitre.org — http://typo3.org/extensions/repository/view/cal
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| calender_base_project | calender_base | {"endIncluding":"1.5.8"} | |
| calender_base_project | calender_base | 1.5.0 | |
| calender_base_project | calender_base | 1.5.1 | |
| calender_base_project | calender_base | 1.5.2 | |
| calender_base_project | calender_base | 1.5.3 | |
| calender_base_project | calender_base | 1.5.4 | |
| calender_base_project | calender_base | 1.5.5 | |
| calender_base_project | calender_base | 1.5.6 | |
| calender_base_project | calender_base | 1.5.7 | |
| calender_base_project | calender_base | 1.6.0 | |
References
- http://typo3.org/extensions/repository/view/cal
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-013/
- http://www.openwall.com/lists/oss-security/2014/10/17/11
- http://www.securityfocus.com/bid/70645
- http://typo3.org/extensions/repository/view/cal
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-013/
- http://www.openwall.com/lists/oss-security/2014/10/17/11
- http://www.securityfocus.com/bid/70645
CWEs
CWE-399
Verify integrity in audit chain (admin only). AS-IS.