Information disclosure in TYPO3 - #VU8163
Published: September 7, 2017
Vulnerability identifier: #VU8163
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: TYPO3
Affected software:
TYPO3
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists due to insufficient validation of user-supplied data. A remote attacker can send a specially crafted HTTP request to the TYPO3 API, trick the victim into opening it and view potentially sensitive version information on the target system.
Remediation
Update to version 7.6.22 or 8.7.5.