vulnerability note 8839
TYPO3: redirect with jumpUrl
Synthesis of the vulnerability
An attacker can use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern.
Severity: 1/4.
Creation date: 06/07/2009.
Description of the vulnerability
The jumpUrl feature redirects the user to a new URL.
The fileDenyPattern configuration variable defines the file name patterns that are forbidden.
However, when the validation token is valid, jumpUrl redirects to files that should be forbidden by fileDenyPattern (such as PHP files or files under typo3conf).
This error currently has no security impact, but it could be leveraged by another vulnerability.
An attacker can therefore use jumpUrl to redirect TYPO3 users to a file forbidden by fileDenyPattern.
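One way to close the gap described above, as an added example (not TYPO3's code or its patch): the redirect decision checks the target against the deny pattern even when the token is valid. The HMAC token scheme, the key, the pattern and all function names are assumptions made for this illustration.

```php
<?php
// Added illustration, not TYPO3 source. Names, key and pattern are constructed.
const DENY_PATTERN = '#\.php[0-9]?$|^typo3conf/#i'; // stand-in for fileDenyPattern
const SECRET_KEY = 'constructed-demo-key';          // stand-in for the site secret

function jumpToken(string $target): string
{
    return hash_hmac('sha256', $target, SECRET_KEY);
}

// Decode and collapse the path so "./", "//" or "%2e" cannot hide a denied file.
function normalisePath(string $target): ?string
{
    $path = parse_url($target, PHP_URL_PATH);
    if (!is_string($path)) {
        return null; // unparsable or path-less target: caller must refuse it
    }
    $out = [];
    foreach (explode('/', str_replace('\\', '/', rawurldecode($path))) as $seg) {
        if ($seg === '..') {
            array_pop($out);
        } elseif ($seg !== '' && $seg !== '.') {
            $out[] = $seg;
        }
    }
    return implode('/', $out);
}

// Behaviour described in the bulletin: a valid token alone allows the redirect.
function tokenOnlyCheck(string $target, string $token): bool
{
    return hash_equals(jumpToken($target), $token);
}

// Hardened: the token must be valid and the target must not match the pattern.
function hardenedCheck(string $target, string $token): bool
{
    $path = normalisePath($target);
    return hash_equals(jumpToken($target), $token)
        && $path !== null
        && preg_match(DENY_PATTERN, $path) === 0;
}

// Constructed targets, each paired with a correctly computed token.
foreach (['fileadmin/manual.pdf', 'typo3conf/example.txt', 'fileadmin/./x.PHP'] as $t) {
    $tok = jumpToken($t);
    printf("%-24s token-only=%s hardened=%s\n", $t,
        var_export(tokenOnlyCheck($t, $tok), true), var_export(hardenedCheck($t, $tok), true));
}
```

With these constructed inputs, the token-only check accepts all three targets, while the hardened check accepts only the first.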
Characteristics
Title: TYPO3: redirect with jumpUrl.
Keywords: PHP TYPO3 fileDenyPattern jumpUrl redirect typo3conf with.
Identifiers: 0011369, VIGILANCE-VUL-8839.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.