Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation resources documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce describes vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability
vulnerability note 8839
TYPO3: redirect with jumpUrl

Synthesis of the vulnerability
An attacker can use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Means of attack: no proof of concept, no attack.
Ability of attacker: expert (4/4).
Confidence: confirmed by the editor (5/5).
Diffusion of the vulnerable configuration: low (1/3).
Creation date: 06/07/2009.

Impacted products

Description of the vulnerability
The jumpUrl feature is used to redirect the user to a new url.

The fileDenyPattern configuration variable indicates forbidden patterns in files.

However, if the validation token is valid, jumpUrl accepts to redirect to files which should be forbidden by fileDenyPattern (such as PHP files or files under typo3conf).

This error currently has no impact on security, but could be used by another vulnerability.

An attacker can therefore use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern.

Characteristics
Title: TYPO3: redirect with jumpUrl
Identifiers: 0011369, VIGILANCE-VUL-8839.
Url: https://vigilance.fr/tree/1/8839

Information sources
Publications and announces
Source example: 0011369: jumpUrl should only allow files not matching fileDenyPattern

Solutions for this vulnerability
Patch or workaround



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française