CVE-2017-6370

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-6370
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-6370.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-6370
Aliases
Published
2017-03-17T17:59:00Z
Modified
2024-10-12T02:49:46.071277Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

References

Affected packages

Git / github.com/typo3/typo3.cms

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

6.*

6.2.0
6.2.1
6.2.2
6.2.3

7.*

7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.6.10
7.6.11
7.6.12
7.6.13
7.6.14
7.6.15
7.6.2
7.6.3
7.6.4
7.6.5
7.6.6
7.6.7
7.6.8
7.6.9

Other

TYPO3_6-1-0rc1
TYPO3_6-2-0
TYPO3_6-2-0alpha1
TYPO3_6-2-0alpha2
TYPO3_6-2-0alpha3
TYPO3_6-2-0beta1
TYPO3_6-2-0beta2
TYPO3_6-2-0beta3
TYPO3_6-2-0beta4
TYPO3_6-2-0beta5
TYPO3_6-2-0beta6
TYPO3_6-2-0beta7
TYPO3_6-2-0rc1
TYPO3_6-2-0rc2
TYPO3_6-2-1
TYPO3_6-2-2
TYPO3_6-2-3
TYPO3_7-0-0
TYPO3_7-1-0
TYPO3_7-2-0
TYPO3_7-3-0
TYPO3_7-4-0
TYPO3_7-5-0
TYPO3_7-6-0
TYPO3_7-6-1
TYPO3_7-6-10
TYPO3_7-6-11
TYPO3_7-6-12
TYPO3_7-6-13
TYPO3_7-6-14
TYPO3_7-6-15
TYPO3_7-6-2
TYPO3_7-6-3
TYPO3_7-6-4
TYPO3_7-6-5
TYPO3_7-6-6
TYPO3_7-6-7
TYPO3_7-6-8
TYPO3_7-6-9