icon

We found results for “

WS-2018-0042

Good to know:

icon

Date: August 30, 2011

Improper error handling vulnerability in TYPO3 4.2.x before 4.2.18, 4.3.x before 4.3.14, 4.4.x before 4.4.11, and 4.5.x before 4.5.6. When configured to explicitly deny cache disabling through an URL parameter ($TYPO3_CONF_VARS['FE']['disableNoCacheParameter']), TYPO3 fails to disable caching when an invalid cache hash URL parameter (cHash) is provided. This allows an attacker to easily flood the caching tables of TYPO3.

Language: PHP

Severity Score

Severity Score

Weakness Type (CWE)

Error Handling

CWE-388

Top Fix

icon

Upgrade Version

Upgrade to version TYPO3_4-3-14,TYPO3_4-4-11,TYPO3_4-5-6

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): LOW

Do you need more information?

Contact Us