Ubuntu.comUB:CVE-2022-23500CVE-2022-23500
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
33.0%
TYPO3 is an open source PHP based web content management system. In
versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid
or non-existing resources via HTTP triggers the page error handler, which
again could retrieve content to be shown as an error message from another
page. This leads to a scenario in which the application is calling itself
recursively - amplifying the impact of the initial attack until the limits
of the web server are exceeded. This vulnerability is very similar, but not
identical, to the one described in CVE-2021-21359. This issue is patched in
versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
33.0%