BID:69565

TYPO3 LDAP Extension Unspecified Information Disclosure Vulnerability

CVE-2014-6232 |

Info

TYPO3 LDAP Extension Unspecified Information Disclosure Vulnerability

Bugtraq ID:	69565
Class:	Unknown
CVE:	CVE-2014-6232
Remote:	Yes
Local:	No
Published:	Sep 02 2014 12:00AM
Updated:	Sep 05 2014 12:25AM
Credit:	Florian Seirer
Vulnerable:

Not Vulnerable:

Discussion

TYPO3 LDAP Extension Unspecified Information Disclosure Vulnerability

LDAP extension for TYPO3 is prone to an unspecified information-disclosure vulnerability.

Attackers can exploit this issue to harvest sensitive information that may lead to further attacks.

Versions prior to LDAP 2.8.18 are vulnerable.

Exploit / POC

TYPO3 LDAP Extension Unspecified Information Disclosure Vulnerability

Attackers can exploit this issue through a web browser.

Solution / Fix

TYPO3 LDAP Extension Unspecified Information Disclosure Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

References

TYPO3 LDAP Extension Unspecified Information Disclosure Vulnerability

References:

TYPO3 Homepage (TYPO3)