TYPO3 v7.6.15 Unencrypted Login Request Assigned CVE Number: CVE-2017-6370
TYPO3-v7615-Unencrypted-Login-Request TYPO3 v7615 Unencrypted Login Request Assigned CVE Number: CVE-2017-6370
TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote malicious users to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 7.6.15 |