CVE-2021-21359
Summary
| CVE | CVE-2021-21359 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-03-23 02:15:00 UTC |
| Updated | 2021-03-26 17:54:00 UTC |
| Description | TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1. |
Risk And Classification
Problem Types: CWE-405 | CWE-674
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| typo3/cms-core - Packagist | MISC | packagist.org | |
| TYPO3-CORE-SA-2021-005: Denial of Service in Page Error Handling | MISC | typo3.org | |
| Denial of Service in Page Error Handling · Advisory · TYPO3/TYPO3.CMS · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.