Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

Remediation

References

CVE-2014-9509

Related Vulnerabilities

WordPress Plugin Backup, Restore and Migrate WordPress Sites With the XCloner Cross-Site Scripting (3.1.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3542)

WordPress Plugin Bulk Datetime Change Security Bypass (1.11)

Oracle Database Server CVE-2011-2322 Vulnerability (CVE-2011-2322)

MySQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

Severity

High

Classification

CVE-2014-9509 CWE-20

Tags

Missing Update Known Vulnerabilities