Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2021-41114
HistoryOct 05, 2021 - 12:00 a.m.

CVE-2021-41114

2021-10-0500:00:00
ubuntu.com
ubuntu.com
13

0.001 Low

EPSS

Percentile

32.3%

JSON

TYPO3 is an open source PHP based web content management system released
under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to
host spoofing due to improper validation of the HTTP Host header. TYPO3
uses the HTTP Host header, for example, to generate absolute URLs during
the frontend rendering process. Since the host header itself is provided by
the client, it can be forged to any value, even in a name-based virtual
hosts environment. This vulnerability is the same as described in
TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during
TYPO3 v11 development, led to this situation. The already existing setting
$GLOBALS[‘TYPO3_CONF_VARS’][‘SYS’][‘trustedHostsPattern’] (used as an
effective mitigation strategy in previous TYPO3 versions) was not evaluated
anymore, and reintroduced the vulnerability.

Related

osv 5
cvelist 2
typo3 2
prion 2
cve 2
github 2
cnvd 1
friendsofphp 3
openvas 5
ubuntucve 1
nessus 3
suse 1
securityvulns 1
osv
osv
CVE-2021-41114
2021-10-05 18:15:08
HTTP Host Header Injection
2021-10-05 20:23:35
BIT-typo3-2021-41114
2024-03-06 11:10:15
cvelist
cvelist
CVE-2021-41114 HTTP Host Header Injection in Request Handling in Typo3
2021-10-05 17:15:11
CVE-2014-3941
2014-06-03 14:00:00
typo3
typo3
HTTP Host Header Injection in Request Handling
2021-10-05 00:00:00
Multiple Vulnerabilities in TYPO3 CMS
2014-05-22 00:00:00
prion
prion
Input validation
2021-10-05 18:15:00
Spoofing
2014-06-03 14:55:00
cve
cve
CVE-2021-41114
2021-10-05 18:15:00
CVE-2014-3941
2014-06-03 14:55:00
github
github
HTTP Host Header Injection
2021-10-05 20:23:35
Typo3 Host Header Spoofing Vulnerability
2022-05-14 04:01:58
cnvd
cnvd
TYPO3 HTTP header injection vulnerability
2021-12-01 00:00:00
friendsofphp
friendsofphp
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
2021-10-05 11:02:47
TYPO3-CORE-SA-2021-015: HTTP Host Header Injection in Request Handling
2021-10-05 11:02:47
Possible Host Spoofing through SERVER_NAME
2014-05-22 09:34:08
openvas
openvas
TYPO3 HTTP Host Header Injection Vulnerability (TYPO3-CORE-SA-2021-015)
2021-10-07 00:00:00
TYPO3 Multiple Vulnerabilities (TYPO3-CORE-SA-2014-001)
2014-07-03 00:00:00
openSUSE: Security Advisory for Typo3 (openSUSE-SU-2016:2025-1)
2016-08-11 00:00:00
ubuntucve
ubuntucve
CVE-2014-3941
2014-06-03 00:00:00
nessus
nessus
openSUSE Security Update : typo3-cms-4_7 (openSUSE-2016-1002)
2016-08-22 00:00:00
openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)
2014-06-19 00:00:00
openSUSE Security Update : typo3 (openSUSE-2016-959)
2016-08-12 00:00:00
suse
suse
Important security fixes for Typo3 (important)
2016-08-10 22:09:17
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-06-14 00:00:00

0.001 Low

EPSS

Percentile

32.3%

JSON
Related for UB:CVE-2021-41114
osv5cvelist2typo32prion2cve2github2cnvd1friendsofphp3openvas5ubuntucve1nessus3suse1securityvulns1