typo3-src: multiple vulnerabilities
| Package(s): | typo3-src | CVE #(s): | |||||
| Created: | June 2, 2014 | Updated: | February 23, 2015 | ||||
| Description: | From the Typo3 advisory:
It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Insecure Unserialize, Improper Session Invalidation, Authentication Bypass, Information Disclosure and Host Spoofing. Failing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the client it can be forged to any value, even in a name based virtual hosts environment. | ||||||
| Alerts: |
| ||||||