logo

Database

Asymmetric denial of service In typo3/cms

Description

Cache Flooding in TYPO3 Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-pw2q-qwvj-gh43

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-09-14-2.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-9HLLL – Vulnerability | Fluid Attacks Database