TYPO3 Backend Open Redirection Vulnerability Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to open redirection vulnerability.

Impact

Successful exploitation will allow remote attackers to conduct phishing attacks. Impact Level: Application

Solution

Upgrade to TYPO3 version 4.1.14, 4.2.13, 4.3.4, 4.4.1 or later, For updates refer to, http://typo3.org/ http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012

Insight

An error exists in Backend, which fails to sanitize "redirect" parameter properly

Affected

TYPO3 version before 4.1.14 and below, 4.2.0 to 4.2.13, 4.3.0 to 4.3.3 and 4.4.0

Detection

Send a Crafted HTTP GET request and check whether it is able to get sensitive information.

References

http://osvdb.org/66864
http://secunia.com/advisories/40742/
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-012

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Cross Site Scripting Vulnerability
Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
Apache Tomcat SecurityConstraints Security Bypass Vulnerability
AlienForm CGI script
@Mail 'admin.php' Cross-Site Scripting Vulnerabilities

Take action and discover your vulnerabilities