Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

Remediation

References

CVE-2014-9509

Related Vulnerabilities

TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)

MySQL CVE-2018-3077 Vulnerability (CVE-2018-3077)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16192)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1169)

OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2016-2177)

Severity

High

Classification

CVE-2014-9509 CWE-20

Tags

Missing Update Known Vulnerabilities