Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-594H-CX6W-P4JF
HistoryMay 14, 2022 - 4:01 a.m.

Typo3 Host Header Spoofing Vulnerability

2022-05-1404:01:58
CWE-20
GitHub Advisory Database
github.com
16
typo3
host spoofing
vulnerability
remote attackers

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.006

Percentile

78.4%

JSON

TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to “Host Spoofing.”

Affected configurations

Vulners
Node
typo3typo3_cmsRange6.2.06.2.3
OR
typo3typo3_cmsRange6.1.06.1.8
OR
typo3typo3_cmsRange6.0.06.0.13
OR
typo3typo3_cmsRange4.7.04.7.18
OR
typo3typo3_cmsRange4.5.04.5.33
VendorProductVersionCPE
typo3typo3_cms*cpe:2.3:a:typo3:typo3_cms:*:*:*:*:*:*:*:*

Related

cvelist 2
prion 2
friendsofphp 1
ubuntucve 2
cve 2
nvd 2
osv 5
openvas 4
github 1
typo3 2
nessus 3
suse 1
securityvulns 1
cvelist
cvelist
CVE-2014-3941
2014-06-03 14:00:00
CVE-2021-41114 HTTP Host Header Injection in Request Handling in Typo3
2021-10-05 17:15:11
prion
prion
Spoofing
2014-06-03 14:55:00
Input validation
2021-10-05 18:15:00
friendsofphp
friendsofphp
Possible Host Spoofing through SERVER_NAME
2014-05-22 09:34:08
ubuntucve
ubuntucve
CVE-2014-3941
2014-06-03 00:00:00
CVE-2021-41114
2021-10-05 00:00:00
cve
cve
CVE-2014-3941
2014-06-03 14:55:10
CVE-2021-41114
2021-10-05 18:15:08
nvd
nvd
CVE-2014-3941
2014-06-03 14:55:10
CVE-2021-41114
2021-10-05 18:15:08
osv
osv
Typo3 Host Header Spoofing Vulnerability
2022-05-14 04:01:58
BIT-typo3-2021-41114
2024-03-06 11:10:15
HTTP Host Header Injection
2021-10-05 20:23:35
openvas
openvas
TYPO3 Multiple Vulnerabilities (TYPO3-CORE-SA-2014-001)
2014-07-03 00:00:00
openSUSE: Security Advisory for Typo3 (openSUSE-SU-2016:2025-1)
2016-08-11 00:00:00
Debian Security Advisory DSA 2942-1 (typo3-src - security update)
2014-06-01 00:00:00
github
github
HTTP Host Header Injection
2021-10-05 20:23:35
typo3
typo3
HTTP Host Header Injection in Request Handling
2021-10-05 00:00:00
Multiple Vulnerabilities in TYPO3 CMS
2014-05-22 00:00:00
nessus
nessus
openSUSE Security Update : typo3-cms-4_7 (openSUSE-2016-1002)
2016-08-22 00:00:00
openSUSE Security Update : typo3 (openSUSE-2016-959)
2016-08-12 00:00:00
openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)
2014-06-19 00:00:00
suse
suse
Important security fixes for Typo3 (important)
2016-08-10 22:09:17
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-06-14 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

0.006

Percentile

78.4%

JSON
Related for GHSA-594H-CX6W-P4JF
cvelist2prion2friendsofphp1ubuntucve2cve2nvd2osv5openvas4github1typo32nessus3suse1securityvulns1