N/A

CVSS Score

-

CVSS Score

Basic Information

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2010-3714

CVE-2010-3714: TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism

The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2010-3714

CVE-2010-3714:

N/A

CVSS Score

-

CVSS Score

Basic Information

Technical Details

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms	composer	>= 4.2.0, < 4.2.15	4.2.15
typo3/cms	composer	>= 4.3.0, < 4.3.7	4.3.7
typo3/cms	composer	>= 4.4.0, < 4.4.4	4.4.4

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The core vulnerability stemmed from two key issues: 1) In class.tslib_fe.php, the loose comparison (==) in jumpUrl() allowed hash spoofing via PHP type juggling, as demonstrated by the patch replacing '==' with '==='. 2) In class.tslib_content.php, the use of shortMD5 for hash generation (instead of HMAC) created a weaker cryptographic foundation. The combination of these flaws enabled remote file disclosure. The high confidence in tslib_fe::jumpUrl is based on direct evidence from the patch diff and CVE description, while the medium confidence in tslib_content::locDataJU reflects its supporting role in the vulnerability chain.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2010-3714: TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism

CVE-2010-3714:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Basic Information

Basic Information

N/A

N/A

CVE-2010-3714: TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI