Vigil@nce - TYPO3: two vulnerabilities of prefixLocalAnchors
December 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of prefixLocalAnchors
of TYPO3.
Impacted products: TYPO3 Core
Severity: 1/4
Creation date: 10/12/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TYPO3.
An attacker can deceive the user by altering anchor prefixes when
config.prefixLocalAnchors is set to "all", in order to redirect
him to a malicious site. [severity:1/4]
An attacker can poison the cache when config.prefixLocalAnchors is
set to "all" or "cached", in order to deceive the victim.
[severity:1/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-two-vulnerabilities-of-prefixLocalAnchors-15773