CVE-2014-9509
TYPO3 <4.5.39, 4.6.x-6.2.x<6.2.9, 7.x<7.0.2 - Info Disclosure
Title source: llmDescription
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
References (1)
Core 1
Core References
Exploit, Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/
Scores
EPSS
0.0063
EPSS Percentile
70.6%
Details
CWE
CWE-20
Status
published
Products (50)
typo3/cms
4.5.0 - 4.5.39Packagist
typo3/typo3
4.5.0
typo3/typo3
4.5.1
typo3/typo3
4.5.2
typo3/typo3
4.5.3
typo3/typo3
4.5.4
typo3/typo3
4.5.5
typo3/typo3
4.5.6
typo3/typo3
4.5.7
typo3/typo3
4.5.8
... and 40 more
Published
Jan 04, 2015
Tracked Since
Feb 18, 2026