Main Vulnerability Database Vulnerabilities #VU40968

Input validation error in TYPO3 - CVE-2014-9509

Published: January 4, 2015 / Updated: August 9, 2020

Vulnerability identifier: #VU40968

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-9509

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

How to mitigate CVE-2014-9509

Install update from vendor's website.

Sources

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/

Input validation error in TYPO3 - CVE-2014-9509

Detailed vulnerability description

How to mitigate CVE-2014-9509

Sources

Please verify you're human