Computer Security Global Security Mag Online anti virus spywares job oofers telecom and network security
- english:
- Product Reviews:
- Business News:
- MAGIC QUADRANT :
- Market News:
- WHITE PAPER:
- Special Reports:
- Interviews:
- Opinion:
- EVENTS:
- Security Vulnerability:
- Malware Update:
- Diary:
- Guide & Podcast:
- Jobs:
- International News:
- CONTACTS:
- TRAINING :
Global Security Magazine Online antivirus
Product Reviews
Business News
MAGIC QUADRANT 
Market News
Special Reports
Opinion
EVENTS
Security Vulnerability
Malware Update
Diary
Guide & Podcast
Jobs
International News
CONTACTS
Flux RSS
| Vigil@nce: TYPO3, redirect with jumpUrl |
| July 2009 by Vigil@nce |
| An attacker can use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern. |
| Severity: 1/4 Consequences: data reading Provenance: internet client Means of attack: no proof of concept, no attack Ability of attacker: expert (4/4) Confidence: confirmed by the editor (5/5) Diffusion of the vulnerable configuration: low (1/3) Creation date: 06/07/2009 IMPACTED PRODUCTS
DESCRIPTION OF THE VULNERABILITY The jumpUrl feature is used to redirect the user to a new url. The fileDenyPattern configuration variable indicates forbidden patterns in files. However, jumpUrl accepts to redirect to files which should be forbidden by fileDenyPattern. This error currently has no impact, but could be used by another vulnerability. An attacker can therefore use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern. CHARACTERISTICS Identifiers: 0011369, VIGILANCE-VUL-8839 http://vigilance.fr/vulnerability/TYPO3-redirect-with-jumpUrl-8839 |
< previous next > |
TYPO3
