Subscribe to Acqal
Got Thoughts? Write Us!
Approved TYPO3 Agency
Acqal is an approved TYPO3 agency focusing on support, training and website migration.
This means that we...
- are available on TYPO3.org
- make substantial contributions to TYPO3 teams
- are registered as business members of the TYPO3 Association
- have completed more than four TYPO3 projects
- have proven our technical abilities with quality TYPO3 extensions
- use TYPO3 for our own website
Popular Blog Posts
Tech Tuesday Went Snowboarding at T3BOARD09
TYPO3 and Other Open Source WCM Systems Dissed Again
Automatic tt_news META descriptions via Acqal's extension aqnewsmeta
TYPO3, comments and Gravatar via Acqal's extension comments_gravatar
TYPO3 Extension cbstarter Version 1.3.2 Released
Sunday at T3BOARD09 in Laax, Switzerland
Not Good, Not Bad, Just Different
Increase TYPO3 Workspace Relation Limits
Getting Help With TYPO3
Looking into TYPO3 Webhosting?
Blog Topics
Virgil on Twitter
Recent Blog Posts
US Political Campaign Websites - The Basics
My Talk at T3CON10 Dallas - TYPO3 User jobs and Tasks
Dallas Barbeque Joint Reviews
T3CON10 Dallas
Acqal is Going Through Some Changes
Creating a MySQL Database for TYPO3 using CPanel
Acqal Promotes Biking and Families with World Vision
It's Official T3CON10-Dallas Web Site Launched! Join Us!
Create a simple "Contact Us" mail form in TYPO3
Configure TYPO3 for Localized Websites
Blog Archives
Acqal's TYPO3 Clients Protected Within 8 Hours of Security Notice
Submitting your vote...
Within 8-hours of TYPO3 Security Bulletin TYPO3-SA-2009-002 being released, Acqal's team had their active client TYPO3 systems updated. Did your TYPO3 CMS provider do the same?
The security bulletin contained a critical fix to an
Information Disclosure vulnerability in jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host.The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users allowing them to bypass access control by providing the correct value.
There's no authentication required to exploit this vulnerability. The vulnerability allows to read any file, the web server user account has access to.
If your TYPO3 provider hasn't updated your TYPO3 system yet, contact Acqal for immediate help. Don't let this critical issue go unchecked. Most systems are fixed in under 30 minutes of effort.
Keywords:
- security,patch,update
Add comment
* - required field