PT-2022-23194 · Typo3 · Typo3
Rik Willems · Published 2022-09-13 · Updated 2024-03-06
CVE-2022-36104
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
TYPO3 versions prior to 11.5.16
Description
Requesting invalid or non-existing resources via HTTP triggers the page error handler, which retrieves content from another page. This leads to recursive application calls that amplify the impact of the initial attack until the web server's limits are exceeded.
Recommendations
Update to TYPO3 version 11.5.16 to resolve this issue.
As a temporary workaround, consider restricting access to invalid or non-existing resources via HTTP to minimize the risk of exploitation.
Exploit
Fix
Allocation of Resources Without Limits
Weakness Enumeration
Related Identifiers
Affected Products
Typo3