Fix Typo3 Bug "typo3-sa-2009-002": An Information Disclosure vulnerability in jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host. The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users allowing them to bypass access control by providing the correct value. Theres no authentication required to exploit this vulnerability. The vulnerability allows to read any file, the web server user account has access to. http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2009-002/ See README.txt in the extension package.
Now obsolete. Please update core.
Version | Upload comment | Works with TYPO3 | Download |
---|---|---|---|
2.0.1 /
obsolete
May 14, 2014 |
Now obsolete. Please update core.
|
4.1.0 - 4.2.5 | Download |
2.0.0 /
stable
February 13, 2009 |
First Public Release. This extension hotfix the "typo3-sa-2009-002" bug. You do not need this extension if youre using Typo3 4.2.6 or more recent. |
Download |