Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9509

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-9509
Last Modified 06 Jan 2015 09:42:09
Published 04 Jan 2015 04:59:07
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9509

Summary

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

Vulnerable Systems

Application

  • Typo3 4.5.0

  • Typo3 4.5.1

  • Typo3 4.5.10

  • Typo3 4.5.11

  • Typo3 4.5.12

  • Typo3 4.5.13

  • Typo3 4.5.14

  • Typo3 4.5.15

  • Typo3 4.5.16

  • Typo3 4.5.17

  • Typo3 4.5.18

  • Typo3 4.5.19

  • Typo3 4.5.2

  • Typo3 4.5.20

  • Typo3 4.5.21

  • Typo3 4.5.22

  • Typo3 4.5.23

  • Typo3 4.5.24

  • Typo3 4.5.25

  • Typo3 4.5.26

  • Typo3 4.5.27

  • Typo3 4.5.28

  • Typo3 4.5.29

  • Typo3 4.5.3

  • Typo3 4.5.30

  • Typo3 4.5.31

  • Typo3 4.5.32

  • Typo3 4.5.33

  • Typo3 4.5.34

  • Typo3 4.5.35

  • Typo3 4.5.36

  • Typo3 4.5.37

  • Typo3 4.5.38

  • Typo3 4.5.4

  • Typo3 4.5.5

  • Typo3 4.5.6

  • Typo3 4.5.7

  • Typo3 4.5.8

  • Typo3 4.5.9

  • Typo3 4.6.0

  • Typo3 4.6.1

  • Typo3 4.6.10

  • Typo3 4.6.11

  • Typo3 4.6.12

  • Typo3 4.6.13

  • Typo3 4.6.14

  • Typo3 4.6.15

  • Typo3 4.6.16

  • Typo3 4.6.17

  • Typo3 4.6.18

  • Typo3 4.6.2

  • Typo3 4.6.3

  • Typo3 4.6.4

  • Typo3 4.6.5

  • Typo3 4.6.6

  • Typo3 4.6.7

  • Typo3 4.6.8

  • Typo3 4.6.9

  • Typo3 4.7.0

  • Typo3 4.7.1

  • Typo3 4.7.10

  • Typo3 4.7.11

  • Typo3 4.7.12

  • Typo3 4.7.13

  • Typo3 4.7.14

  • Typo3 4.7.15

  • Typo3 4.7.16

  • Typo3 4.7.17

  • Typo3 4.7.18

  • Typo3 4.7.19

  • Typo3 4.7.2

  • Typo3 4.7.20

  • Typo3 4.7.3

  • Typo3 4.7.4

  • Typo3 4.7.5

  • Typo3 4.7.6

  • Typo3 4.7.7

  • Typo3 4.7.8

  • Typo3 4.7.9

  • Typo3 6.0

  • Typo3 6.0.1

  • Typo3 6.0.10

  • Typo3 6.0.11

  • Typo3 6.0.12

  • Typo3 6.0.13

  • Typo3 6.0.14

  • Typo3 6.0.2

  • Typo3 6.0.3

  • Typo3 6.0.4

  • Typo3 6.0.5

  • Typo3 6.0.6

  • Typo3 6.0.7

  • Typo3 6.0.8

  • Typo3 6.0.9

  • Typo3 6.1

  • Typo3 6.1.1

  • Typo3 6.1.2

  • Typo3 6.1.3

  • Typo3 6.1.4

  • Typo3 6.1.5

  • Typo3 6.1.6

  • Typo3 6.1.7

  • Typo3 6.1.8

  • Typo3 6.1.9

  • Typo3 6.2

  • Typo3 6.2.0

  • Typo3 6.2.1

  • Typo3 6.2.2

  • Typo3 6.2.3

  • Typo3 6.2.4

  • Typo3 6.2.5

  • Typo3 6.2.6

  • Typo3 6.2.7

  • Typo3 6.2.8

  • Typo3 7.0.0

  • Typo3 7.0.1


References

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/


Last Updated: 27 May 2016 11:07:26