CVE-2017-6370
N/A
N/A
Summary
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securityfocus.com/bid/97071
- https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
References
- http://www.securityfocus.com/bid/97071
- https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.