Lucene search
HistoryJan 04, 2015 - 9:59 p.m.
CVE-2014-9508
typo3
frontend
rendering
component
remote attackers
url change
cve-2014-9508
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.0%
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Affected configurations
Node
typo3typo3Match4.5.0
ORtypo3typo3Match4.5.1
ORtypo3typo3Match4.5.2
ORtypo3typo3Match4.5.3
ORtypo3typo3Match4.5.4
ORtypo3typo3Match4.5.5
ORtypo3typo3Match4.5.6
ORtypo3typo3Match4.5.7
ORtypo3typo3Match4.5.8
ORtypo3typo3Match4.5.9
ORtypo3typo3Match4.5.10
ORtypo3typo3Match4.5.11
ORtypo3typo3Match4.5.12
ORtypo3typo3Match4.5.13
ORtypo3typo3Match4.5.14
ORtypo3typo3Match4.5.15
ORtypo3typo3Match4.5.16
ORtypo3typo3Match4.5.17
ORtypo3typo3Match4.5.18
ORtypo3typo3Match4.5.19
ORtypo3typo3Match4.5.20
ORtypo3typo3Match4.5.21
ORtypo3typo3Match4.5.22
ORtypo3typo3Match4.5.23
ORtypo3typo3Match4.5.24
ORtypo3typo3Match4.5.25
ORtypo3typo3Match4.5.26
ORtypo3typo3Match4.5.27
ORtypo3typo3Match4.5.28
ORtypo3typo3Match4.5.29
ORtypo3typo3Match4.5.30
ORtypo3typo3Match4.5.31
ORtypo3typo3Match4.5.32
ORtypo3typo3Match4.5.33
ORtypo3typo3Match4.5.34
ORtypo3typo3Match4.5.35
ORtypo3typo3Match4.5.36
ORtypo3typo3Match4.5.37
ORtypo3typo3Match4.5.38
ORtypo3typo3Match4.6.0
ORtypo3typo3Match4.6.1
ORtypo3typo3Match4.6.2
ORtypo3typo3Match4.6.3
ORtypo3typo3Match4.6.4
ORtypo3typo3Match4.6.5
ORtypo3typo3Match4.6.6
ORtypo3typo3Match4.6.7
ORtypo3typo3Match4.6.8
ORtypo3typo3Match4.6.9
ORtypo3typo3Match4.6.10
ORtypo3typo3Match4.6.11
ORtypo3typo3Match4.6.12
ORtypo3typo3Match4.6.13
ORtypo3typo3Match4.6.14
ORtypo3typo3Match4.6.15
ORtypo3typo3Match4.6.16
ORtypo3typo3Match4.6.17
ORtypo3typo3Match4.6.18
ORtypo3typo3Match4.7.0
ORtypo3typo3Match4.7.1
ORtypo3typo3Match4.7.2
ORtypo3typo3Match4.7.3
ORtypo3typo3Match4.7.4
ORtypo3typo3Match4.7.5
ORtypo3typo3Match4.7.6
ORtypo3typo3Match4.7.7
ORtypo3typo3Match4.7.8
ORtypo3typo3Match4.7.9
ORtypo3typo3Match4.7.10
ORtypo3typo3Match4.7.11
ORtypo3typo3Match4.7.12
ORtypo3typo3Match4.7.13
ORtypo3typo3Match4.7.14
ORtypo3typo3Match4.7.15
ORtypo3typo3Match4.7.16
ORtypo3typo3Match4.7.17
ORtypo3typo3Match4.7.18
ORtypo3typo3Match4.7.19
ORtypo3typo3Match4.7.20
ORtypo3typo3Match6.0
ORtypo3typo3Match6.0.1
ORtypo3typo3Match6.0.2
ORtypo3typo3Match6.0.3
ORtypo3typo3Match6.0.4
ORtypo3typo3Match6.0.5
ORtypo3typo3Match6.0.6
ORtypo3typo3Match6.0.7
ORtypo3typo3Match6.0.8
ORtypo3typo3Match6.0.9
ORtypo3typo3Match6.0.10
ORtypo3typo3Match6.0.11
ORtypo3typo3Match6.0.12
ORtypo3typo3Match6.0.13
ORtypo3typo3Match6.0.14
ORtypo3typo3Match6.1
ORtypo3typo3Match6.1.1
ORtypo3typo3Match6.1.2
ORtypo3typo3Match6.1.3
ORtypo3typo3Match6.1.4
ORtypo3typo3Match6.1.5
ORtypo3typo3Match6.1.6
ORtypo3typo3Match6.1.7
ORtypo3typo3Match6.1.8
ORtypo3typo3Match6.1.9
ORtypo3typo3Match6.2
ORtypo3typo3Match6.2.0beta1
ORtypo3typo3Match6.2.0beta2
ORtypo3typo3Match6.2.0beta3
ORtypo3typo3Match6.2.1
ORtypo3typo3Match6.2.2
ORtypo3typo3Match6.2.3
ORtypo3typo3Match6.2.4
ORtypo3typo3Match6.2.5
ORtypo3typo3Match6.2.6
ORtypo3typo3Match6.2.7
ORtypo3typo3Match6.2.8
ORtypo3typo3Match7.0.0
ORtypo3typo3Match7.0.1
Related
osv
osv
Typo3 Open Redirect In Frontend Rendering
2022-05-17 03:45:52
prion
prion
Code injection
2015-01-04 21:59:00
friendsofphp
friendsofphp
Possible link spoofing on the homepage when anchors are used
2014-12-10 10:07:58
nessus
nessus
TYPO3 Anchor-only Links Remote Spoofing Vulnerability
2015-02-27 00:00:00
openSUSE Security Update : typo3-cms-4_5 (openSUSE-2016-1022)
2016-08-30 00:00:00
veracode
veracode
Link Spoofing
2017-07-25 19:10:43
nvd
nvd
CVE-2014-9508
2015-01-04 21:59:05
ubuntucve
ubuntucve
CVE-2014-9508
2015-01-04 00:00:00
typo3
typo3
Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS
2014-12-09 00:00:00
cvelist
cvelist
CVE-2014-9508
2015-01-04 21:00:00
github
github
Typo3 Open Redirect In Frontend Rendering
2022-05-17 03:45:52
openvas
openvas
TYPO3 Multiple Vulnerabilities (TYPO3-CORE-SA-2014-003)
2015-01-19 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
57.0%
Related for CVE-2014-9508