漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
HTTP Host Header Injection in Request Handling in Typo3
Vulnerability Description
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that TYPO3 CMS is susceptible to host spoofing due to improper validation of the HTTP Host header. TYPO3 uses the HTTP Host header, for example, to generate absolute URLs during the frontend rendering process. Since the host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. This vulnerability is the same as described in TYPO3-CORE-SA-2014-001 (CVE-2014-3941). A regression, introduced during TYPO3 v11 development, led to this situation. The already existing setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] (used as an effective mitigation strategy in previous TYPO3 versions) was not evaluated anymore, and reintroduced the vulnerability.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
输入验证不恰当
Vulnerability Title
TYPO3 安全漏洞
Vulnerability Description
TYPO3是瑞士TYPO3(Typo3)协会的一套免费开源的内容管理系统(框架)(CMS/CMF)。 TYPO3 v11版本存在安全漏洞,该漏洞源于缺少对于HTTP主机报头的有效验证,TYPO3 CMS很容易受到主机欺骗。
CVSS Information
N/A
Vulnerability Type
N/A