Moderate severityNVD Advisory· Published Mar 5, 2009· Updated Apr 23, 2026
CVE-2009-0815
CVE-2009-0815
Description
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cmsPackagist | >= 3.3, < 4.0.12 | 4.0.12 |
typo3/cmsPackagist | >= 4.1, < 4.1.10 | 4.1.10 |
typo3/cmsPackagist | >= 4.2, < 4.2.6 | 4.2.6 |
Affected products
24cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*+ 23 more
- cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/nvdPatchVendor Advisory
- www.debian.org/security/2009/dsa-1720nvdPatchWEB
- github.com/advisories/GHSA-c22j-84c7-cm77ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2009-0815ghsaADVISORY
- www.openwall.com/lists/oss-security/2009/02/10/6nvdWEB
- web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002ghsaWEB
- web.archive.org/web/20200915000000*/http://www.securitytracker.com/idghsaWEB
- www.securitytracker.com/idnvd
News mentions
0No linked articles in our index yet.