PT-2022-16033 · Typo3

Daniel Schönfeld · Published 2022-12-13 · Updated 2024-03-06 · CVE-2022-23500

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 9.5.38
TYPO3 versions prior to 10.4.33
TYPO3 versions prior to 11.5.20
TYPO3 versions prior to 12.1.1

Description

Requesting invalid or non-existent resources via HTTP triggers the page error handler, which retrieves the content to be shown as an error message from another page. If that request also fails, the application calls itself recursively, amplifying the impact of the initial request until the limits of the web server are exceeded.

Recommendations

Update to version 9.5.38 ELTS or later
Update to version 10.4.33 or later
Update to version 11.5.20 or later
Update to version 12.1.1 or later


Weakness Enumeration

Uncontrolled Recursion

Related Identifiers

BIT-TYPO3-2022-23500
CVE-2022-23500
GHSA-8C28-5MP7-V24H

Affected Products

Typo3