CVE-2022-36104

Опубликовано: 13 сент. 2022

Источник: nvd

CVSS3: 5.9

CVSS3: 7.5

EPSS Низкий

Описание

TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.

Ссылки

https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13
Patch
Third Party Advisory
https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2022-006
Vendor Advisory
https://github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13
Patch
Third Party Advisory
https://github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2022-006
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 11.4.0 (включая) до 11.5.15 (включая)

EPSS

Процентиль: 68%

0.0056

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-770

Связанные уязвимости

GHSA-fffr-7x4x-f98q

CVSS3: 5.9

github

больше 3 лет назад

TYPO3 CMS vulnerable to Denial of Service in Page Error Handling

EPSS

Процентиль: 68%

0.0056

Низкий

5.9 Medium

CVSS3

7.5 High

CVSS3

Дефекты

CWE-770