Lucene search

Veracode Vulnerability DatabaseVERACODE:37026

HistorySep 14, 2022 - 7:30 a.m.

Denial Of Services (DoS)

2022-09-1407:30:27

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

50.6%

JSON

typo3/cms is vulnerable to denial-of-service. The vulnerability exists in handlePageError function in PageContentErrorHandler.php due to lack of page error handling which allows a remote attacker to cause an application crash.

CPENameOperatorVersion
typo3/cmslev11.5.15
typo3/cms-corelev11.5.15
typo3/cmslev11.5.15
typo3/cms-corelev11.5.15

Name	Operator	Version
typo3/cms	le	v11.5.15
typo3/cms-core	le	v11.5.15
typo3/cms	le	v11.5.15
typo3/cms-core	le	v11.5.15

References

github.com/TYPO3-CMS/core/commit/9585db09a196e5e0fb0eddcc31d1c5c759067a82

github.com/TYPO3/typo3/commit/179dd7cd78947081d573fee2050e197faa556f13

github.com/TYPO3/typo3/security/advisories/GHSA-fffr-7x4x-f98q

review.typo3.org/c/Packages/TYPO3.CMS/+/75715

typo3.org/security/advisory/typo3-core-sa-2022-006

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

50.6%

JSON

Related for VERACODE:37026