Vulnerability Details CVE-2014-9509
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.3%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2014-9509
-
cpe:2.3:a:typo3:typo3:4.5.0
-
cpe:2.3:a:typo3:typo3:4.5.1
-
cpe:2.3:a:typo3:typo3:4.5.10
-
cpe:2.3:a:typo3:typo3:4.5.11
-
cpe:2.3:a:typo3:typo3:4.5.12
-
cpe:2.3:a:typo3:typo3:4.5.13
-
cpe:2.3:a:typo3:typo3:4.5.14
-
cpe:2.3:a:typo3:typo3:4.5.15
-
cpe:2.3:a:typo3:typo3:4.5.16
-
cpe:2.3:a:typo3:typo3:4.5.17
-
cpe:2.3:a:typo3:typo3:4.5.18
-
cpe:2.3:a:typo3:typo3:4.5.19
-
cpe:2.3:a:typo3:typo3:4.5.2
-
cpe:2.3:a:typo3:typo3:4.5.20
-
cpe:2.3:a:typo3:typo3:4.5.21
-
cpe:2.3:a:typo3:typo3:4.5.22
-
cpe:2.3:a:typo3:typo3:4.5.23
-
cpe:2.3:a:typo3:typo3:4.5.24
-
cpe:2.3:a:typo3:typo3:4.5.25
-
cpe:2.3:a:typo3:typo3:4.5.26
-
cpe:2.3:a:typo3:typo3:4.5.27
-
cpe:2.3:a:typo3:typo3:4.5.28
-
cpe:2.3:a:typo3:typo3:4.5.29
-
cpe:2.3:a:typo3:typo3:4.5.3
-
cpe:2.3:a:typo3:typo3:4.5.30
-
cpe:2.3:a:typo3:typo3:4.5.31
-
cpe:2.3:a:typo3:typo3:4.5.32
-
cpe:2.3:a:typo3:typo3:4.5.33
-
cpe:2.3:a:typo3:typo3:4.5.34
-
cpe:2.3:a:typo3:typo3:4.5.35
-
cpe:2.3:a:typo3:typo3:4.5.36
-
cpe:2.3:a:typo3:typo3:4.5.37
-
cpe:2.3:a:typo3:typo3:4.5.38
-
cpe:2.3:a:typo3:typo3:4.5.4
-
cpe:2.3:a:typo3:typo3:4.5.5
-
cpe:2.3:a:typo3:typo3:4.5.6
-
cpe:2.3:a:typo3:typo3:4.5.7
-
cpe:2.3:a:typo3:typo3:4.5.8
-
cpe:2.3:a:typo3:typo3:4.5.9
-
cpe:2.3:a:typo3:typo3:4.6.0
-
cpe:2.3:a:typo3:typo3:4.6.1
-
cpe:2.3:a:typo3:typo3:4.6.10
-
cpe:2.3:a:typo3:typo3:4.6.11
-
cpe:2.3:a:typo3:typo3:4.6.12
-
cpe:2.3:a:typo3:typo3:4.6.13
-
cpe:2.3:a:typo3:typo3:4.6.14
-
cpe:2.3:a:typo3:typo3:4.6.15
-
cpe:2.3:a:typo3:typo3:4.6.16
-
cpe:2.3:a:typo3:typo3:4.6.17
-
cpe:2.3:a:typo3:typo3:4.6.18
-
cpe:2.3:a:typo3:typo3:4.6.2
-
cpe:2.3:a:typo3:typo3:4.6.3
-
cpe:2.3:a:typo3:typo3:4.6.4
-
cpe:2.3:a:typo3:typo3:4.6.5
-
cpe:2.3:a:typo3:typo3:4.6.6
-
cpe:2.3:a:typo3:typo3:4.6.7
-
cpe:2.3:a:typo3:typo3:4.6.8
-
cpe:2.3:a:typo3:typo3:4.6.9
-
cpe:2.3:a:typo3:typo3:4.7.0
-
cpe:2.3:a:typo3:typo3:4.7.1
-
cpe:2.3:a:typo3:typo3:4.7.10
-
cpe:2.3:a:typo3:typo3:4.7.11
-
cpe:2.3:a:typo3:typo3:4.7.12
-
cpe:2.3:a:typo3:typo3:4.7.13
-
cpe:2.3:a:typo3:typo3:4.7.14
-
cpe:2.3:a:typo3:typo3:4.7.15
-
cpe:2.3:a:typo3:typo3:4.7.16
-
cpe:2.3:a:typo3:typo3:4.7.17
-
cpe:2.3:a:typo3:typo3:4.7.18
-
cpe:2.3:a:typo3:typo3:4.7.19
-
cpe:2.3:a:typo3:typo3:4.7.2
-
cpe:2.3:a:typo3:typo3:4.7.20
-
cpe:2.3:a:typo3:typo3:4.7.3
-
cpe:2.3:a:typo3:typo3:4.7.4
-
cpe:2.3:a:typo3:typo3:4.7.5
-
cpe:2.3:a:typo3:typo3:4.7.6
-
cpe:2.3:a:typo3:typo3:4.7.7
-
cpe:2.3:a:typo3:typo3:4.7.8
-
cpe:2.3:a:typo3:typo3:4.7.9
-
cpe:2.3:a:typo3:typo3:6.0
-
cpe:2.3:a:typo3:typo3:6.0.1
-
cpe:2.3:a:typo3:typo3:6.0.10
-
cpe:2.3:a:typo3:typo3:6.0.11
-
cpe:2.3:a:typo3:typo3:6.0.12
-
cpe:2.3:a:typo3:typo3:6.0.13
-
cpe:2.3:a:typo3:typo3:6.0.14
-
cpe:2.3:a:typo3:typo3:6.0.2
-
cpe:2.3:a:typo3:typo3:6.0.3
-
cpe:2.3:a:typo3:typo3:6.0.4
-
cpe:2.3:a:typo3:typo3:6.0.5
-
cpe:2.3:a:typo3:typo3:6.0.6
-
cpe:2.3:a:typo3:typo3:6.0.7
-
cpe:2.3:a:typo3:typo3:6.0.8
-
cpe:2.3:a:typo3:typo3:6.0.9
-
cpe:2.3:a:typo3:typo3:6.1
-
cpe:2.3:a:typo3:typo3:6.1.1
-
cpe:2.3:a:typo3:typo3:6.1.2
-
cpe:2.3:a:typo3:typo3:6.1.3
-
cpe:2.3:a:typo3:typo3:6.1.4
-
cpe:2.3:a:typo3:typo3:6.1.5
-
cpe:2.3:a:typo3:typo3:6.1.6
-
cpe:2.3:a:typo3:typo3:6.1.7
-
cpe:2.3:a:typo3:typo3:6.1.8
-
cpe:2.3:a:typo3:typo3:6.1.9
-
cpe:2.3:a:typo3:typo3:6.2
-
cpe:2.3:a:typo3:typo3:6.2.0
-
cpe:2.3:a:typo3:typo3:6.2.1
-
cpe:2.3:a:typo3:typo3:6.2.2
-
cpe:2.3:a:typo3:typo3:6.2.3
-
cpe:2.3:a:typo3:typo3:6.2.4
-
cpe:2.3:a:typo3:typo3:6.2.5
-
cpe:2.3:a:typo3:typo3:6.2.6
-
cpe:2.3:a:typo3:typo3:6.2.7
-
cpe:2.3:a:typo3:typo3:6.2.8
-
cpe:2.3:a:typo3:typo3:7.0.0
-
cpe:2.3:a:typo3:typo3:7.0.1