Lucene search

GoogleOSV:GHSA-594H-CX6W-P4JF

HistoryMay 14, 2022 - 4:01 a.m.

Typo3 Host Header Spoofing Vulnerability

2022-05-1404:01:58

Google

osv.dev

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to “Host Spoofing.”

CPENameOperatorVersion
typo3/cmseq6.2.0
typo3/cmseq6.2.2
typo3/cmseq6.2.1

Name	Operator	Version
typo3/cms	eq	6.2.0
typo3/cms	eq	6.2.2
typo3/cms	eq	6.2.1

References

lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html

lists.opensuse.org/opensuse-updates/2014-06/msg00037.html

lists.opensuse.org/opensuse-updates/2016-08/msg00083.html

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001

www.debian.org/security/2014/dsa-2942

www.openwall.com/lists/oss-security/2014/06/03/2

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml

nvd.nist.gov/vuln/detail/CVE-2014-3941

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

78.0%

JSON

Related for OSV:GHSA-594H-CX6W-P4JF