CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-6370

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 30.7%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

http://www.securityfocus.com/bid/97071
https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
http://www.securityfocus.com/bid/97071
https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request

Products affected by CVE-2017-6370

Typo3 » Typo3 » Version: 7.6.15

cpe:2.3:a:typo3:typo3:7.6.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-6370

Products

Pricing

Contact Us