BIT-typo3-2022-36104

Import Source
https://github.com/bitnami/vulndb/tree/main/data/typo3/BIT-typo3-2022-36104.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-typo3-2022-36104
Aliases
Published
2024-03-06T11:09:08.597Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

TYPO3 is an open source PHP-based web content management system released under the GNU GPL. In affected versions, requesting invalid or non-existing resources via HTTP triggers the page error handler, which in turn could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application calls itself recursively, amplifying the impact of the initial attack until the limits of the web server are exceeded. Users are advised to update to TYPO3 version 11.5.16 to resolve this issue. There are no known workarounds for this issue.

References

Affected packages

Bitnami / typo3

Package

Name
typo3
Purl
pkg:bitnami/typo3

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected ranges

Type
SEMVER
Events
Introduced
11.4.0
Fixed
11.5.15