Vigil@nce: TYPO3, redirect with jumpUrl

July 2009 by Vigil@nce

An attacker can use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern.

Severity: 1/4

Consequences: data reading

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: low (1/3)

Creation date: 06/07/2009

IMPACTED PRODUCTS

- TYPO3

DESCRIPTION OF THE VULNERABILITY

The jumpUrl feature is used to redirect the user to a new URL.

The fileDenyPattern configuration variable defines patterns identifying forbidden files.

However, jumpUrl agrees to redirect to files that should be forbidden by fileDenyPattern. This error currently has no impact on its own, but it could be leveraged in combination with another vulnerability.

An attacker can therefore use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern.
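
The missing check can be illustrated with a redirect-target filter that applies a deny pattern before redirecting. This is an added example, not TYPO3 code and not the vendor's fix: the function name isRedirectTargetAllowed, the constant SAMPLE_FILE_DENY_PATTERN, its pattern value and the sample targets are all assumptions constructed for illustration.

```php
<?php
// Added example; not TYPO3 code. The pattern is a constructed sample,
// not the value shipped with any TYPO3 release.
const SAMPLE_FILE_DENY_PATTERN = '/\.php[3-6]?(\..*)?$|^\.htaccess$/i';

/**
 * Hypothetical helper: returns true only if no path segment of the redirect
 * target matches the deny pattern applied to file names.
 */
function isRedirectTargetAllowed(string $target, string $denyPattern): bool
{
    // Control characters have no place in a redirect target.
    if (preg_match('/[\x00-\x1f\x7f]/', $target) === 1) {
        return false;
    }
    $path = parse_url($target, PHP_URL_PATH);
    if ($path === false) {
        return false;               // unparseable target: refuse
    }
    if ($path === null || $path === '') {
        return true;                // no path, so no file name to check
    }
    // Decode once, as the web server will, so "%2Ephp" is seen as ".php".
    $decoded = rawurldecode($path);
    if (strpos($decoded, "\0") !== false) {
        return false;
    }
    // Check every segment: "x.php/extra" can still reach x.php via PATH_INFO.
    $segments = preg_split('#[/\\\\]+#', $decoded, -1, PREG_SPLIT_NO_EMPTY);
    foreach ($segments as $segment) {
        if (preg_match($denyPattern, $segment) === 1) {
            return false;
        }
    }
    return true;
}

// Constructed sample targets: the first and last are allowed, the rest denied.
$samples = ['fileadmin/docs/report.pdf', 'fileadmin/upload/page.php',
    'fileadmin/upload/page.PHP5', 'fileadmin/upload/page%2Ephp',
    'fileadmin/.htaccess', 'fileadmin/x.php/extra', 'https://example.org/'];
foreach ($samples as $t) {
    $verdict = isRedirectTargetAllowed($t, SAMPLE_FILE_DENY_PATTERN) ? 'allow' : 'deny';
    printf("%-32s %s\n", $t, $verdict);
}
```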

CHARACTERISTICS

Identifiers: 0011369, VIGILANCE-VUL-8839

http://vigilance.fr/vulnerability/TYPO3-redirect-with-jumpUrl-8839

