4.3

CVSS Score

Basic Information

CVE ID

CVE-2014-9508

GHSA ID

GHSA-v6xv-rmqc-wcc8

EPSS Score

0.51992%

CWE

CWE-59

Published

5/17/2022

Updated

2/5/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2014-9508

CVE-2014-9508: Typo3 Open Redirect In Frontend Rendering

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains.

An attacker could forge a request which modifies anchor only links on the homepage of a TYPO3 installation such that they point to arbitrary domains, if the configuration option config.prefixLocalAnchors is used with any possible value. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page. As an additional pre-condition, URL rewriting must be enabled in the web server (which it typically is) when using extensions like realurl or cooluri.

Installations where config.absRefPrefix is additionally set to any value are not affected by this vulnerability.

Example of affected configuration:

config.absRefPrefix =
config.prefixLocalAnchors = all 
page = PAGE 
page.10 = TEXT 
page.10.value = <a href="#skiplinks">Skiplinks</a> 
.htaccess:

RewriteCond %{REQUEST_FILENAME} !-f 
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteCond %{REQUEST_FILENAME} !-l 
RewriteRule .* index.php [L]

(GitHub Advisory)

4.3

CVSS Score

Basic Information

CVE ID

CVE-2014-9508

GHSA ID

GHSA-v6xv-rmqc-wcc8

EPSS Score

0.51992%

CWE

CWE-59

Published

5/17/2022

Updated

2/5/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
typo3/cms	composer	>= 4.5.0, < 4.5.39	4.5.39
typo3/cms	composer	>= 4.6.0, < 6.2.9	6.2.9
typo3/cms	composer	>= 7.0.0, < 7.0.2	7.0.2

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper handling of anchor links when 'config.prefixLocalAnchors' is enabled without 'config.absRefPrefix'. The ContentObjectRenderer::typoLink function is directly responsible for URL generation and would apply the vulnerable prefix logic. PageGenerator::renderContentWithHeader manages overall page rendering context where this misconfiguration could be exploited. Both are core components of TYPO3's frontend rendering pipeline where URL manipulation would occur. Confidence is high for typoLink due to its direct role in link processing, and medium for PageGenerator due to broader contextual involvement.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T** *ront*n* r*n**rin* *ompon*nt in TYPO* *.*.x ***or* *.*.**, *.*.x t*rou** *.*.x ***or* *.*.*, *n* *.x ***or* *.*.*, *llows r*mot* *tt**k*rs to ***n** URLs to *r*itr*ry *om*ins. *n *tt**k*r *oul* *or** * r*qu*st w*i** mo*i*i*s *n**or only links on

Reasoning

T** vuln*r**ility st*ms *rom improp*r **n*lin* o* *n**or links w**n '*on*i*.pr**ixLo**l*n**ors' is *n**l** wit*out '*on*i*.**sR**Pr**ix'. T** `*ont*ntO*j**tR*n**r*r::typoLink` *un*tion is *ir**tly r*sponsi*l* *or URL **n*r*tion *n* woul* *pply t** vu

4.3

Basic Information

Concerned about an active attack path?

CVE-2014-9508: Typo3 Open Redirect In Frontend Rendering

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI