Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-41114
HistoryOct 05, 2021 - 6:15 p.m.

Input validation

2021-10-0518:15:00
PRIOn knowledge base
www.prio-n.com
12

5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON

TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS[‘TYPO3_CONF_VARS’][‘SYS’][‘trustedHostsPattern’] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability.

CPENameOperatorVersion
typo3ge11.0.0
typo3lt11.5.0

Related

osv 5
cvelist 2
typo3 2
nvd 2
cve 2
ubuntucve 2
github 2
friendsofphp 3
cnvd 1
openvas 5
prion 1
nessus 3
suse 1
securityvulns 1
osv
osv
BIT-typo3-2021-41114
2024-03-06 11:10:15
HTTP Host Header Injection
2021-10-05 20:23:35
CVE-2021-41114
2021-10-05 18:15:08
cvelist
cvelist
CVE-2021-41114 HTTP Host Header Injection in Request Handling in Typo3
2021-10-05 17:15:11
CVE-2014-3941
2014-06-03 14:00:00
typo3
typo3
HTTP Host Header Injection in Request Handling
2021-10-05 00:00:00
Multiple Vulnerabilities in TYPO3 CMS
2014-05-22 00:00:00
nvd
nvd
CVE-2021-41114
2021-10-05 18:15:08
CVE-2014-3941
2014-06-03 14:55:10
cve
cve
CVE-2021-41114
2021-10-05 18:15:08
CVE-2014-3941
2014-06-03 14:55:10
ubuntucve
ubuntucve
CVE-2021-41114
2021-10-05 00:00:00
CVE-2014-3941
2014-06-03 00:00:00
github
github
HTTP Host Header Injection
2021-10-05 20:23:35
Typo3 Host Header Spoofing Vulnerability
2022-05-14 04:01:58
friendsofphp
friendsofphp
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
2021-10-05 11:02:47
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
2021-10-05 11:02:47
Possible Host Spoofing through SERVER_NAME
2014-05-22 09:34:08
cnvd
cnvd
TYPO3 HTTP header injection vulnerability
2021-12-01 00:00:00
openvas
openvas
TYPO3 HTTP Host Header Injection Vulnerability (TYPO3-CORE-SA-2021-015)
2021-10-07 00:00:00
TYPO3 Multiple Vulnerabilities (TYPO3-CORE-SA-2014-001)
2014-07-03 00:00:00
openSUSE: Security Advisory for Typo3 (openSUSE-SU-2016:2025-1)
2016-08-11 00:00:00
prion
prion
Spoofing
2014-06-03 14:55:00
nessus
nessus
openSUSE Security Update : typo3-cms-4_7 (openSUSE-2016-1002)
2016-08-22 00:00:00
openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)
2014-06-19 00:00:00
openSUSE Security Update : typo3 (openSUSE-2016-959)
2016-08-12 00:00:00
suse
suse
Important security fixes for Typo3 (important)
2016-08-10 22:09:17
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-06-14 00:00:00

5 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.4%

JSON
Related for PRION:CVE-2021-41114
osv5cvelist2typo32nvd2cve2ubuntucve2github2friendsofphp3cnvd1openvas5prion1nessus3suse1securityvulns1