Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS

10 December 2014 ยท TYPO3 Security Team 
Dear TYPO3 users!

It has been discovered that TYPO3 Core had link spoofing and cache poisoning vulnerabilities.


IMPORTANT NOTICE: The provided update my incorporate changes that might sightly change HTML frontend rendering of anchor links in rare cases! It is encouraged to properly test your installation in a development or staging environment and/or to disable the config.prefixLocalAnchors feature before updating your live page.

For more details on the issues please read the accordant advisory:

TYPO3 Security Bulletin TYPO3-CORE-SA-2014-003: Link spoofing and cache poisoning vulnerabilities in TYPO3 CMS
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/


In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
http://docs.typo3.org/typo3cms/SecurityGuide/

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/



Regards,

Helmut Hummel
Member of the TYPO3 Security Team

_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
Back to list