CVE-2021-21359

Опубликовано: 23 мар. 2021

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.

Ссылки

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p
Third Party Advisory
https://packagist.org/packages/typo3/cms-core
Release Notes
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2021-005
Vendor Advisory
https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p
Third Party Advisory
https://packagist.org/packages/typo3/cms-core
Release Notes
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2021-005
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 9.0.0 (включая) до 9.5.25 (исключая)

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.4.14 (исключая)

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.1.1 (исключая)

EPSS

Процентиль: 73%

0.00751

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-405

Связанные уязвимости

GHSA-4p9g-qgx9-397p

CVSS3: 5.9

github

почти 5 лет назад

Denial of Service in Page Error Handling

EPSS

Процентиль: 73%

0.00751

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-405