Package: typo3-src
Severity: critical
Tags: security

Component Type: TYPO3 Core
Affected Versions: 4.2.0-4.2.17, 4.3.0-4.3.13, 4.5.0-4.5.5
Release Date: September 14, 2011

Vulnerable subcomponent: Caching System
Vulnerability Type: Improper error handling
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C

Problem Description: When configured to explicitly deny cache disabling
through a URL parameter ($TYPO3_CONF_VARS['FE']['disableNoCacheParameter']),
TYPO3 fails to disable caching when an invalid cache hash URL parameter
(cHash) is provided. This allows an attacker to easily flood the caching
tables of TYPO3.

--
Kind regards,
Christian Welzel

GPG-Key: http://www.camlann.de/de/pgpkey.html
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
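
A detection sketch for the cache flooding described in this report, added here as an example and not part of the original message or of TYPO3: it counts how many different cHash values each client sent for the same page. It assumes combined-format access logs and that one parameter set has a single valid cHash; the log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample access-log lines (documentation IP ranges, made-up hashes).
SAMPLE_LOG = """\
198.51.100.7 - - [14/Sep/2011:10:00:01 +0000] "GET /index.php?id=12&cHash=a1 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Sep/2011:10:00:01 +0000] "GET /index.php?id=12&cHash=b2 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Sep/2011:10:00:02 +0000] "GET /index.php?cHash=c3&id=12 HTTP/1.1" 200 5120
198.51.100.7 - - [14/Sep/2011:10:00:02 +0000] "GET /index.php?id=12&cHash=d4 HTTP/1.1" 200 5120
203.0.113.5 - - [14/Sep/2011:10:01:00 +0000] "GET /index.php?id=12&cHash=9f HTTP/1.1" 200 5120
203.0.113.5 - - [14/Sep/2011:10:02:00 +0000] "GET /index.php?id=12&cHash=9f HTTP/1.1" 200 5120
203.0.113.5 - - [14/Sep/2011:10:03:00 +0000] "GET /index.php?id=13&cHash=7e HTTP/1.1" 200 4096
"""

# client address and request target from a combined-format line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')


def page_and_chash(target):
    """Split a request target into (page without cHash, list of cHash values)."""
    url = urlsplit(target)
    pairs = parse_qsl(url.query, keep_blank_values=True)
    chashes = [v for k, v in pairs if k == "cHash"]
    # Sort the remaining parameters so their order does not create new pages.
    rest = sorted((k, v) for k, v in pairs if k != "cHash")
    page = url.path + ("?" + urlencode(rest) if rest else "")
    return page, chashes


def flag_flooders(log_text, threshold=3):
    """Return (client, page, distinct cHash count) where count >= threshold."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        page, chashes = page_and_chash(target)
        seen[(client, page)].update(chashes)
    hits = [(c, p, len(v)) for (c, p), v in seen.items() if len(v) >= threshold]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


if __name__ == "__main__":
    for client, page, count in flag_flooders(SAMPLE_LOG):
        print(f"{client} sent {count} different cHash values for {page}")
```

Since only one cHash can be valid for a given parameter set, every additional value counted for the same page is an invalid one, which is the request pattern that fills the cache tables on the affected versions.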