4.3

CVE-2014-9508

Exploit
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only contain anchors, allows remote attackers to change URLs to arbitrary domains for those links via unknown vectors.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Typo3Typo3 Version4.5.0
Typo3Typo3 Version4.5.1
Typo3Typo3 Version4.5.2
Typo3Typo3 Version4.5.3
Typo3Typo3 Version4.5.4
Typo3Typo3 Version4.5.5
Typo3Typo3 Version4.5.6
Typo3Typo3 Version4.5.7
Typo3Typo3 Version4.5.8
Typo3Typo3 Version4.5.9
Typo3Typo3 Version4.5.10
Typo3Typo3 Version4.5.11
Typo3Typo3 Version4.5.12
Typo3Typo3 Version4.5.13
Typo3Typo3 Version4.5.14
Typo3Typo3 Version4.5.15
Typo3Typo3 Version4.5.16
Typo3Typo3 Version4.5.17
Typo3Typo3 Version4.5.18
Typo3Typo3 Version4.5.19
Typo3Typo3 Version4.5.20
Typo3Typo3 Version4.5.21
Typo3Typo3 Version4.5.22
Typo3Typo3 Version4.5.23
Typo3Typo3 Version4.5.24
Typo3Typo3 Version4.5.25
Typo3Typo3 Version4.5.26
Typo3Typo3 Version4.5.27
Typo3Typo3 Version4.5.28
Typo3Typo3 Version4.5.29
Typo3Typo3 Version4.5.30
Typo3Typo3 Version4.5.31
Typo3Typo3 Version4.5.32
Typo3Typo3 Version4.5.33
Typo3Typo3 Version4.5.34
Typo3Typo3 Version4.5.35
Typo3Typo3 Version4.5.36
Typo3Typo3 Version4.5.37
Typo3Typo3 Version4.5.38
Typo3Typo3 Version4.6.0
Typo3Typo3 Version4.6.1
Typo3Typo3 Version4.6.2
Typo3Typo3 Version4.6.3
Typo3Typo3 Version4.6.4
Typo3Typo3 Version4.6.5
Typo3Typo3 Version4.6.6
Typo3Typo3 Version4.6.7
Typo3Typo3 Version4.6.8
Typo3Typo3 Version4.6.9
Typo3Typo3 Version4.6.10
Typo3Typo3 Version4.6.11
Typo3Typo3 Version4.6.12
Typo3Typo3 Version4.6.13
Typo3Typo3 Version4.6.14
Typo3Typo3 Version4.6.15
Typo3Typo3 Version4.6.16
Typo3Typo3 Version4.6.17
Typo3Typo3 Version4.6.18
Typo3Typo3 Version4.7.0
Typo3Typo3 Version4.7.1
Typo3Typo3 Version4.7.2
Typo3Typo3 Version4.7.3
Typo3Typo3 Version4.7.4
Typo3Typo3 Version4.7.5
Typo3Typo3 Version4.7.6
Typo3Typo3 Version4.7.7
Typo3Typo3 Version4.7.8
Typo3Typo3 Version4.7.9
Typo3Typo3 Version4.7.10
Typo3Typo3 Version4.7.11
Typo3Typo3 Version4.7.12
Typo3Typo3 Version4.7.13
Typo3Typo3 Version4.7.14
Typo3Typo3 Version4.7.15
Typo3Typo3 Version4.7.16
Typo3Typo3 Version4.7.17
Typo3Typo3 Version4.7.18
Typo3Typo3 Version4.7.19
Typo3Typo3 Version4.7.20
Typo3Typo3 Version6.0
Typo3Typo3 Version6.0.1
Typo3Typo3 Version6.0.2
Typo3Typo3 Version6.0.3
Typo3Typo3 Version6.0.4
Typo3Typo3 Version6.0.5
Typo3Typo3 Version6.0.6
Typo3Typo3 Version6.0.7
Typo3Typo3 Version6.0.8
Typo3Typo3 Version6.0.9
Typo3Typo3 Version6.0.10
Typo3Typo3 Version6.0.11
Typo3Typo3 Version6.0.12
Typo3Typo3 Version6.0.13
Typo3Typo3 Version6.0.14
Typo3Typo3 Version6.1
Typo3Typo3 Version6.1.1
Typo3Typo3 Version6.1.2
Typo3Typo3 Version6.1.3
Typo3Typo3 Version6.1.4
Typo3Typo3 Version6.1.5
Typo3Typo3 Version6.1.6
Typo3Typo3 Version6.1.7
Typo3Typo3 Version6.1.8
Typo3Typo3 Version6.1.9
Typo3Typo3 Version6.2
Typo3Typo3 Version6.2.0 Updatebeta1
Typo3Typo3 Version6.2.0 Updatebeta2
Typo3Typo3 Version6.2.0 Updatebeta3
Typo3Typo3 Version6.2.1
Typo3Typo3 Version6.2.2
Typo3Typo3 Version6.2.3
Typo3Typo3 Version6.2.4
Typo3Typo3 Version6.2.5
Typo3Typo3 Version6.2.6
Typo3Typo3 Version6.2.7
Typo3Typo3 Version6.2.8
Typo3Typo3 Version7.0.0
Typo3Typo3 Version7.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.29% 0.495
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.