Vigil@nce - TYPO3 Calendar Base: denial of service via PCRE
November 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a complex PCRE expression with TYPO3 Calendar
Base, in order to trigger a denial of service.
Impacted products: TYPO3 Extensions
Severity: 2/4
Creation date: 17/10/2014
DESCRIPTION OF THE VULNERABILITY
The Calendar Base extension can be installed on TYPO3.
However, user’s data are directly inserted in a regular expression.
An attacker can therefore use a complex PCRE expression with TYPO3
Calendar Base, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-Calendar-Base-denial-of-service-via-PCRE-15502