TYPO3 CVE-2013-1843 Open Redirection Vulnerability

Bugtraq ID:	58330
Class:	Input Validation Error
CVE:	CVE-2013-1843
Remote:	Yes
Local:	No
Published:	Mar 06 2013 12:00AM
Updated:	Jun 04 2013 11:55AM
Credit:	The vendor reported this issue.
Vulnerable:	Typo3 Typo3 4.6.1 Typo3 Typo3 4.6 Typo3 Typo3 4.5.13 Typo3 Typo3 4.5.2 Typo3 Typo3 4.5.15 Typo3 Typo3 4.5.1 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64
Not Vulnerable:

TYPO3 CVE-2013-1843 Open Redirection Vulnerability

TYPO3 is prone to an open-redirection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can leverage this issue by constructing a crafted URI and enticing a user to follow it. When an unsuspecting victim follows the link, they may be redirected to an attacker-controlled site; this may aid in phishing attacks. Other attacks are possible.

NOTE: The issue (described by CVE-2013-1842) has been moved to BID 60312 (TYPO3 CVE-2013-1842 SQL Injection Vulnerability) to better document it.

TYPO3 CVE-2013-1843 Open Redirection Vulnerability

An attacker can exploit this issue using a web browser.

TYPO3 CVE-2013-1843 Open Redirection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

TYPO3 CVE-2013-1843 Open Redirection Vulnerability

References:

• TYPO3 Homepage (TYPO3)