Home > Vulnerability Database > WS-2018-0042

Mend.io Vulnerability Database

WS-2018-0042

Good to know:

Date: August 30, 2011

Improper error handling vulnerability in TYPO3 4.2.x before 4.2.18, 4.3.x before 4.3.14, 4.4.x before 4.4.11, and 4.5.x before 4.5.6. When configured to explicitly deny cache disabling through an URL parameter ($TYPO3_CONF_VARS['FE']['disableNoCacheParameter']), TYPO3 fails to disable caching when an invalid cache hash URL parameter (cHash) is provided. This allows an attacker to easily flood the caching tables of TYPO3.

Language: PHP

Severity Score

5.3

Related Resources (3)

Url: https://github.com/TYPO3/TYPO3.CMS/commit/4a18c907fe88a030ca46f23bdd66371e4fbcd05e

Url: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-003/

Url: https://www.mend.io/vulnerability-database/WS-2018-0042

Severity Score

5.3

Weakness Type (CWE)

Error Handling

CWE-388

Top Fix

Upgrade Version

Upgrade to version TYPO3_4-3-14,TYPO3_4-4-11,TYPO3_4-5-6

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2018-0042

Good to know:

Date: August 30, 2011

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?