TYPO3 Anchor-only Links Remote Spoofing Vulnerability

medium Nessus Plugin ID 81575

Synopsis

The remote host is affected by a URL spoofing vulnerability.

Description

The TYPO3 content management system running on the remote host is affected by a URL spoofing vulnerability involving anchor-only links on the homepage. A remote attacker, using a specially crafted request, can modify links so they point to arbitrary domains. Furthermore, an attacker can utilize this vulnerability to poison the cache in order to temporarily alter the links on the index page until cache expiration.

Solution

Upgrade to a patched version or set the 'config.absRefPrefix' configuration option to a non-empty value.

See Also

http://www.nessus.org/u?be948b13

Plugin Details

Severity: Medium

ID: 81575

File Name: typo3_link_spoofing.nasl

Version: 1.9

Type: remote

Family: CGI abuses

Published: 2/27/2015

Updated: 6/5/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 2.4

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2014-9508

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:typo3:typo3

Required KB Items: www/PHP, installed_sw/TYPO3

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 12/10/2014

Vulnerability Publication Date: 12/9/2014

Reference Information

CVE: CVE-2014-9508

BID: 71646