CVE-2017-6370

MEDIUM5.3EPSS 0.11%

TYPO3 Information Disclosure Vulnerability

發布日:2022/5/13修改日:2024/4/25

描述

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

受影響套件(1)

Packagist/typo3/cms

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-6370
PATCHhttps://github.com/TYPO3/typo3
WEBhttps://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
WEBhttp://www.securityfocus.com/bid/97071