CVE-2022-23500

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-23500
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23500.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-23500
Aliases
Withdrawn
2024-05-08T06:52:25.314118Z
Published
2022-12-14T08:15:09Z
Modified
2023-12-06T00:46:56.761578Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

TYPO3 is an open source PHP-based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which in turn could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application calls itself recursively, amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.

References

Affected packages

Git / github.com/benjaminkott/bootstrap_package

Affected ranges

Affected versions

10.*

10.0.0
10.0.1
10.0.10
10.0.11
10.0.2
10.0.3
10.0.4
10.0.5
10.0.6
10.0.7
10.0.8
10.0.9

11.*

11.0.0
11.0.1
11.0.2
11.0.3
11.0.4

12.*

12.0.0
12.0.1
12.0.10
12.0.2
12.0.3
12.0.4
12.0.5
12.0.6
12.0.7
12.0.8
12.0.9

13.*

13.0.0
13.0.1
13.0.2
13.0.3
13.0.4
13.0.5

14.*

14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
14.0.7

9.*

9.0.0
9.0.1
9.0.2
9.0.3
9.0.4
9.1.0
9.1.1
9.1.2
9.1.3

v11.*

v11.0.0
v11.1.0
v11.2.0
v11.3.0
v11.4.0
v11.5.0
v11.5.1
v11.5.10
v11.5.11
v11.5.12
v11.5.13
v11.5.14
v11.5.15
v11.5.16
v11.5.17
v11.5.18
v11.5.19
v11.5.2
v11.5.3
v11.5.4
v11.5.5
v11.5.6
v11.5.7
v11.5.8
v11.5.9