| Name | CVE-2009-3635 |
| Description | The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-1926-1 |
| Debian Bugs | 552020 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| typo3-src | source | etch | 4.0.2+debian-9 | DSA-1926-1 | ||
| typo3-src | source | lenny | 4.2.5-1+lenny2 | DSA-1926-1 | ||
| typo3-src | source | (unstable) | 4.2.10-1 | medium | 552020 |