Description
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
References (6)
Core References
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2942
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/06/03/2
Scores
EPSS
0.0028
EPSS Percentile
51.1%
Details
CWE
CWE-20
Status
published
Products (50)
typo3/cms
4.5.0 - 4.5.34 (Packagist)
typo3/typo3
4.7.0
typo3/typo3
4.7.1
typo3/typo3
4.7.2
typo3/typo3
4.7.3
typo3/typo3
4.7.4
typo3/typo3
4.7.5
typo3/typo3
4.7.6
typo3/typo3
4.7.7
typo3/typo3
4.7.8
... and 40 more
Published
Jun 03, 2014
Tracked Since
Feb 18, 2026