CVE-2014-9508 (GCVE-0-2014-9508)
Vulnerability from cvelistv5 – Published: 2015-01-04 21:00 – Updated: 2024-08-06 13:47
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:47:41.065Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-12-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2016:2169",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9508",
"datePublished": "2015-01-04T21:00:00.000Z",
"dateReserved": "2015-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:47:41.065Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-V6XV-RMQC-WCC8
Vulnerability from github – Published: 2022-05-17 03:45 – Updated: 2023-08-16 22:31
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains.
An attacker could forge a request which modifies anchor-only links on the homepage of a TYPO3 installation such that they point to arbitrary domains, if the configuration option config.prefixLocalAnchors is used with any possible value. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page. As an additional precondition, URL rewriting must be enabled in the web server (which it typically is) when using extensions like realurl or cooluri.
Installations where config.absRefPrefix is additionally set to any value are not affected by this vulnerability.
Example of affected configuration:
config.absRefPrefix =
config.prefixLocalAnchors = all
page = PAGE
page.10 = TEXT
page.10.value = <a href="#skiplinks">Skiplinks</a>
.htaccess:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L]
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "4.5.0"
},
{
"fixed": "4.5.39"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "4.6.0"
},
{
"fixed": "6.2.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "typo3/cms"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2014-9508"
],
"database_specific": {
"cwe_ids": [
"CWE-59"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-16T22:31:44Z",
"nvd_published_at": "2015-01-04T21:59:00Z",
"severity": "MODERATE"
},
"details": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains.\n\nAn attacker could forge a request which modifies anchor only links on the homepage of a TYPO3 installation such that they point to arbitrary domains, if the configuration option `config.prefixLocalAnchors` is used with any possible value. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page. As an additional pre-condition, URL rewriting must be enabled in the web server (which it typically is) when using extensions like realurl or cooluri.\n\nInstallations where `config.absRefPrefix` is additionally set to any value are not affected by this vulnerability.\n\nExample of affected configuration:\n\n```php\nconfig.absRefPrefix =\nconfig.prefixLocalAnchors = all \npage = PAGE \npage.10 = TEXT \npage.10.value = \u003ca href=\"#skiplinks\"\u003eSkiplinks\u003c/a\u003e \n.htaccess:\n\nRewriteCond %{REQUEST_FILENAME} !-f \nRewriteCond %{REQUEST_FILENAME} !-d \nRewriteCond %{REQUEST_FILENAME} !-l \nRewriteRule .* index.php [L] \n```",
"id": "GHSA-v6xv-rmqc-wcc8",
"modified": "2023-08-16T22:31:44Z",
"published": "2022-05-17T03:45:52Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9508"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-9508.yaml"
},
{
"type": "WEB",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2014-003"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"type": "WEB",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Typo3 Open Redirect In Frontend Rendering"
}
FKIE_CVE-2014-9508
Vulnerability from fkie_nvd - Published: 2015-01-04 21:59 - Updated: 2025-04-12 10:46
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6523E669-DD41-4A28-A4D4-83CC8BE0143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDAE81E-15AD-4C1D-8989-9EFA6445885F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "D451E97C-061F-43D3-B3B3-FD46C694C934",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8DF53F-3E5A-485E-8430-348207EBFF81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"matchCriteriaId": "BC68F0F3-89BC-4398-95EE-6358094B284B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"matchCriteriaId": "28352CAB-EF6C-43DC-9487-202151B18612",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"matchCriteriaId": "635C90E5-BBCE-4662-BC16-4F04FCE04785",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"matchCriteriaId": "32D324F6-E73B-4F54-A4B1-431550C08341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "96AC3681-104E-4A33-B9F7-F648DB4B8193",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE92575-D6F5-4304-8347-19E75EA35331",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"matchCriteriaId": "9F1954F5-A6EF-4A95-976E-5295197EEB2F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"matchCriteriaId": "71834B10-8897-466C-9B2E-21FC04400540",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"matchCriteriaId": "BB69F7E9-001D-42B3-BEB4-B294737AD27B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8530B-0311-45AA-92B4-6FF2CE388E71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A53B9001-C5B4-4D19-A314-118E3A292346",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"matchCriteriaId": "E663FE0B-B509-4427-A2A0-9EB53E26810F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"matchCriteriaId": "3FA36C35-E9BD-4ED2-B6CB-950D641678E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"matchCriteriaId": "12A54839-425D-4D28-8AD2-479A593474FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"matchCriteriaId": "83542527-9738-46C0-A4D2-D5E2E203CD49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"matchCriteriaId": "72B68AE9-081A-4BE0-A2AF-969216D26637",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"matchCriteriaId": "253A3E84-401E-4F9F-8A9A-B8C464C69929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"matchCriteriaId": "08742759-FFC8-4908-B319-4EC279C6AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4B4B3F-D7BE-493C-ABF6-416FF89C4A40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "36748261-81EF-4E39-8EC5-A67F054B623F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "21CC1BD2-CB44-4C0F-8B87-6272AEEBDEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"matchCriteriaId": "D7129E4A-834D-4405-853B-89F1BD7965E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*",
"matchCriteriaId": "E80654F2-42D2-4E47-B069-126327B83C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.35:*:*:*:*:*:*:*",
"matchCriteriaId": "AABC3190-44FF-4F75-BBA6-CE9D1BAC4096",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.36:*:*:*:*:*:*:*",
"matchCriteriaId": "4ADA397D-D126-456C-BE3B-D129197CEA19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.37:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7399A6-3078-458B-BF84-39081214BC13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.5.38:*:*:*:*:*:*:*",
"matchCriteriaId": "24D7D3E2-00DF-4F93-8978-24EAFAA6A916",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88CBAAC7-5207-45E8-86D5-18D98259070D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB6F1E7-351D-45E7-9571-2AF4283080DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D2B3B4A9-BDC7-4426-98FB-398B63AF3D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0016A078-1291-4281-BA62-5A846AEE7584",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F11DB8A8-8309-4FC9-BA35-1AFFC5B4AE8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9661D2DB-F24C-478B-B691-303D48D9B158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1FD6B9-7FAC-4508-962A-99AF63EB4B36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "14369AD5-2622-4530-BCD5-A95C032CE4CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "D7CBAD29-18E9-4097-88FA-4D287A9A877A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9F5144AE-E076-48B5-9EA3-2F0BEC34D92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "46246047-B415-437A-AC0E-2A7157D47C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6C98937C-C769-40C9-841F-D9F0A49AAE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "1E7C54D4-B953-442F-99A8-96B505C15DCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "495B1280-1C65-45FE-B5C5-ED1BD7AF429F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "8A6CE19A-3985-45AC-9DF5-64572AA9ECC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA8422F-5A4B-4696-AF31-F1128FCF482F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA625B3-16A2-436F-A63D-0B5200BAA955",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "13FE26EF-79DC-4907-A593-414679AAE9B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36FFBD83-F3FE-4913-8578-98F27E39A73C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3AA3E69-C22E-463C-837F-42EE6B59E350",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "082BD28F-5FEE-4D25-98CF-27513DBF0E39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86F5F3DD-55D7-4028-A228-2A737A51FDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5F89DD9F-019A-4AD3-AD0E-4F20F1AF5C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "684500C9-8532-45C4-8F29-33AAC3DDA3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2F830A8F-C51C-4CED-BCA2-845C312087FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2C537426-82DB-426B-BB95-CC119C20266A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D3AE18-7B26-4448-AF98-0D2692C80BC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AD3ED8-5107-418D-8F0F-6B07845D3C74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A2FEFD3C-A4CC-4FCC-8ECD-3EE1E69DE58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1EE4B6-9256-494E-A11B-9700F0376AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3D0A8566-4A01-4948-A237-3CED2D065FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"matchCriteriaId": "B5459D18-7283-4650-9304-7F576AB1D779",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"matchCriteriaId": "B404C733-4F5C-4EB2-B4B9-F25A95BB6E2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"matchCriteriaId": "31BDE85A-5F76-4249-9B38-B3A1649F777D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6357ACD4-E404-489A-B218-1CED134F4893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"matchCriteriaId": "B6650206-8DD5-4D05-BBD2-15A12842117B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D9712BC-E1C2-46AF-8111-DE5523DFF3DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.19:*:*:*:*:*:*:*",
"matchCriteriaId": "17025DCC-2685-4EC4-BD0B-34F768181A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.7.20:*:*:*:*:*:*:*",
"matchCriteriaId": "81FC167D-7CD8-42B1-AD3B-B6534BB8203E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "84C095F8-000A-4A8D-81DE-047810345A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "976AAF6F-BF03-40B7-B7D2-22101BD857D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6E98D0D9-D9AE-44F7-8233-F92EB330B152",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36EA784A-7C3A-41DA-B444-D01E3BC144BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7294AA8B-0CD3-47A2-91DC-A882F7F3BDFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4D28DD85-FBB3-4DD4-B525-7AFD32BE55F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "80C21E07-5083-4C86-AA9D-FCB73F636060",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5DAE1BB4-2DBD-489E-B3F9-88CF414EAC2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0724FE19-F0A4-4055-996A-2B7844CAC426",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A862C28E-B1B9-4541-A559-D0BD16E575B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "EA1DE94A-DDCD-4067-A0C0-16904F6B7EC7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7C6DD4A1-C865-4AC8-86BC-8F92319F33A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7ACA06-C0C1-4EEA-A629-C453C97660A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3C444E62-897D-4C7A-AEC6-C5728166A11A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF13769-3F5A-4766-A8DA-8B939CB1AB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C140F242-CF7C-4CB6-A358-5C8DB0F26DAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81EAC0BA-B6AC-42BA-AEEE-946E1FBD770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD31180A-8BD6-49AC-A758-5FA4C9A7B4C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E06A3B0C-364F-42A3-803B-6CE1EAB386C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "692DE690-C921-403B-9966-60CB23FF5D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "94C181FE-F3A9-4C7E-955F-0CCD4E6B4DAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "11DD1626-884F-40EE-9721-2FCF7F14F781",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "BFFF68DC-AFBB-4055-83AF-BAFE9C68FBC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0F0FB1F-45D1-49A8-8882-393B16E6AA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A51F600B-F3BB-4C8A-8188-3F5E4D59114B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7715060-1441-4CF9-BEDF-91D28FE31ECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "7183456A-52B4-4386-8979-A2ECEA9959FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "16EEC79F-3293-451C-864E-9CE020F6C730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "8FD27EAD-04D5-4C55-952E-020954B90CEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "99262E73-E4A7-4657-A32E-3C289C052675",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E230A800-B2DE-4ED4-9C6B-961832C39900",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1A96891D-A2B1-492C-A914-51F9631D5C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7316A8-E445-45C6-BFD9-8E19254AC7AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D95C12B4-51F1-4FFC-892B-1432D1E5219A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "308EF598-B9DF-47C5-A1AC-1A2A16767E84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "1A3A5E5D-E8A9-4B2F-B423-9F1B9E761A9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9EDF6E-299A-4277-9C2F-B25D5F9A189E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC254112-3695-422E-BD5B-B5E65F61B4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CC7DF87-E8E8-4333-8549-5607328399BF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
},
{
"lang": "es",
"value": "El componente frontend rendering en TYPO3 4.5.x anterior a 4.5.39, 4.6.x hasta 6.2.x anterior a 6.2.9, y 7.x anterior a 7.0.2, cuando config.prefixLocalAnchors est\u00e1 configurado y utiliza una p\u00e1gina web con v\u00ednculos que solamente contienen anclas, permite a atacantes remotos cambiar URLs a dominios arbitrarios para estos v\u00ednculos a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2014-9508",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-01-04T21:59:05.887",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2014-9508
Vulnerability from gsd - Updated: 2023-12-13 01:22
{
"GSD": {
"alias": "CVE-2014-9508",
"description": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.",
"id": "GSD-2014-9508"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-9508"
],
"details": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.",
"id": "GSD-2014-9508",
"modified": "2023-12-13T01:22:48.096662Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:2169",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=4.5.0,\u003c=4.5.38||\u003e=4.6.0,\u003c=6.2.8||\u003e=7.0.0,\u003c=7.0.1",
"affected_versions": "All versions starting from 4.5.0 up to 4.5.38, all versions starting from 4.6.0 up to 6.2.8, all versions starting from 7.0.0 up to 7.0.1",
"cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"cwe_ids": [
"CWE-1035",
"CWE-59",
"CWE-937"
],
"date": "2023-08-16",
"description": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.",
"fixed_versions": [
"4.5.39",
"6.2.9",
"7.0.2"
],
"identifier": "CVE-2014-9508",
"identifiers": [
"GHSA-v6xv-rmqc-wcc8",
"CVE-2014-9508"
],
"not_impacted": "All versions before 4.5.0, all versions after 4.5.38 before 4.6.0, all versions after 6.2.8 before 7.0.0, all versions after 7.0.1",
"package_slug": "packagist/typo3/cms",
"pubdate": "2022-05-17",
"solution": "Upgrade to versions 4.5.39, 6.2.9, 7.0.2 or above.",
"title": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2014-9508",
"http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html",
"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"https://github.com/advisories/GHSA-v6xv-rmqc-wcc8"
],
"uuid": "159b41ee-5abe-4e06-978c-839a460c1ac3"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.38:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.19:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9508"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"
},
{
"name": "openSUSE-SU-2016:2169",
"refsource": "SUSE",
"tags": [],
"url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2016-11-28T19:14Z",
"publishedDate": "2015-01-04T21:59Z"
}
}
}
CNVD-2015-00161
Vulnerability from cnvd - Published: 2015-01-09
Users can refer to the following vendor-provided security advisory to obtain the patch that fixes this vulnerability: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/
| Name | TYPO3 Typo3 4.5.x < 4.5.39, TYPO3 Typo3 7.x < 7.0.2, TYPO3 Typo3 4.6.x - 6.2.x(<6.2.9) |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2014-9508"
}
},
"description": "TYPO3\u662f\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u548c\u5185\u5bb9\u7ba1\u7406\u6846\u67b6\uff08CMF\uff09\u3002\r\n\r\nTYPO3\u5b58\u5728Url\u4efb\u610f\u57df\u4fee\u6539\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u672a\u77e5\u5411\u91cf\u6539\u53d8\u4efb\u610f\u57df\u7684url\u94fe\u63a5\u3002",
"discovererName": "Helmut Hummel",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u53d6\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-00161",
"openTime": "2015-01-09",
"patchDescription": "TYPO3\u662f\u5f00\u6e90\u5185\u5bb9\u7ba1\u7406\u7cfb\u7edf\uff08CMS\uff09\u548c\u5185\u5bb9\u7ba1\u7406\u6846\u67b6\uff08CMF\uff09\u3002\r\n\r\nTYPO3\u5b58\u5728Url\u4efb\u610f\u57df\u4fee\u6539\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u672a\u77e5\u5411\u91cf\u6539\u53d8\u4efb\u610f\u57df\u7684url\u94fe\u63a5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "TYPO3 Url\u4efb\u610f\u57df\u4fee\u6539\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"TYPO3 Typo3 4.5.x \u003c 4.5.39",
"TYPO3 Typo3 7.x \u003c 7.0.2",
"TYPO3 Typo3 4.6.x - 6.2.x(\u003c6.2.9)"
]
},
"referenceLink": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/\r\nhttp://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9508",
"serverity": "\u4e2d",
"submitTime": "2015-01-08",
"title": "TYPO3 Url\u4efb\u610f\u57df\u4fee\u6539\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.