CVE-2014-9509: Improper Input Validation in CMS

Severity: 7.5 HIGH (NVD)
EPSS: 0.6% (top 29.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 4
Latest update: May 17

Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

Packagist | typo3/cms | 4.5.0 | 4.5.39 | +6
NVD | typo3/typo3 | 116 versions | +115

🔴 Vulnerability Details (3)

GHSA: Typo3 Vulnerable to Cache Poisoning (2022-05-17)
OSV: Typo3 Vulnerable to Cache Poisoning (2022-05-17)
CVEList: CVE-2014-9509: The frontend rendering component in TYPO3 4 (2015-01-04)