Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9508

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-9508
Last Modified 06 Jan 2015 11:48:58
Published 04 Jan 2015 04:59:05
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9508

Summary

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.

Vulnerable Systems

Application

  • Typo3 4.5.0

  • Typo3 4.5.1

  • Typo3 4.5.10

  • Typo3 4.5.11

  • Typo3 4.5.12

  • Typo3 4.5.13

  • Typo3 4.5.14

  • Typo3 4.5.15

  • Typo3 4.5.16

  • Typo3 4.5.17

  • Typo3 4.5.18

  • Typo3 4.5.19

  • Typo3 4.5.2

  • Typo3 4.5.20

  • Typo3 4.5.21

  • Typo3 4.5.22

  • Typo3 4.5.23

  • Typo3 4.5.24

  • Typo3 4.5.25

  • Typo3 4.5.26

  • Typo3 4.5.27

  • Typo3 4.5.28

  • Typo3 4.5.29

  • Typo3 4.5.3

  • Typo3 4.5.30

  • Typo3 4.5.31

  • Typo3 4.5.32

  • Typo3 4.5.33

  • Typo3 4.5.34

  • Typo3 4.5.35

  • Typo3 4.5.36

  • Typo3 4.5.37

  • Typo3 4.5.38

  • Typo3 4.5.4

  • Typo3 4.5.5

  • Typo3 4.5.6

  • Typo3 4.5.7

  • Typo3 4.5.8

  • Typo3 4.5.9

  • Typo3 4.6.0

  • Typo3 4.6.1

  • Typo3 4.6.10

  • Typo3 4.6.11

  • Typo3 4.6.12

  • Typo3 4.6.13

  • Typo3 4.6.14

  • Typo3 4.6.15

  • Typo3 4.6.16

  • Typo3 4.6.17

  • Typo3 4.6.18

  • Typo3 4.6.2

  • Typo3 4.6.3

  • Typo3 4.6.4

  • Typo3 4.6.5

  • Typo3 4.6.6

  • Typo3 4.6.7

  • Typo3 4.6.8

  • Typo3 4.6.9

  • Typo3 4.7.0

  • Typo3 4.7.1

  • Typo3 4.7.10

  • Typo3 4.7.11

  • Typo3 4.7.12

  • Typo3 4.7.13

  • Typo3 4.7.14

  • Typo3 4.7.15

  • Typo3 4.7.16

  • Typo3 4.7.17

  • Typo3 4.7.18

  • Typo3 4.7.19

  • Typo3 4.7.2

  • Typo3 4.7.20

  • Typo3 4.7.3

  • Typo3 4.7.4

  • Typo3 4.7.5

  • Typo3 4.7.6

  • Typo3 4.7.7

  • Typo3 4.7.8

  • Typo3 4.7.9

  • Typo3 6.0

  • Typo3 6.0.1

  • Typo3 6.0.10

  • Typo3 6.0.11

  • Typo3 6.0.12

  • Typo3 6.0.13

  • Typo3 6.0.14

  • Typo3 6.0.2

  • Typo3 6.0.3

  • Typo3 6.0.4

  • Typo3 6.0.5

  • Typo3 6.0.6

  • Typo3 6.0.7

  • Typo3 6.0.8

  • Typo3 6.0.9

  • Typo3 6.1

  • Typo3 6.1.1

  • Typo3 6.1.2

  • Typo3 6.1.3

  • Typo3 6.1.4

  • Typo3 6.1.5

  • Typo3 6.1.6

  • Typo3 6.1.7

  • Typo3 6.1.8

  • Typo3 6.1.9

  • Typo3 6.2

  • Typo3 6.2.0

  • Typo3 6.2.1

  • Typo3 6.2.2

  • Typo3 6.2.3

  • Typo3 6.2.4

  • Typo3 6.2.5

  • Typo3 6.2.6

  • Typo3 6.2.7

  • Typo3 6.2.8

  • Typo3 7.0.0

  • Typo3 7.0.1


References

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/


Last Updated: 27 May 2016 11:07:26