
11/14/05

Security Bulletin TYPO3-20051114-4: "Shift-Reload"


Component Type: Core


Affected Components: TYPO3 Page Cache


Versions: TYPO3 3.8.0 and earlier

Vulnerability Type: Denial of Service

Severity: Low


Problem Description:
In the past, a "Shift Reload" from the browser (that is, a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This behaviour may be considered a potential target for Denial of Service attacks.


Solution:

The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. In this version, the TYPO3 cache of the page is only cleared if the "Shift Reload" is issued from within a valid backend session.
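The following is an added illustration, not TYPO3 source code: a simplified Python model of the cache decision before and after the fix, counting how many page builds a run of "no-cache" requests causes. The cookie name `be_session`, the session store and the render step are hypothetical stand-ins.

```python
# Simplified model of the page-cache decision; not TYPO3 source code.
# The cookie name, session store and render step are hypothetical.
from http.cookies import SimpleCookie

VALID_BE_SESSIONS = {"constructed-editor-session"}  # constructed sample data


def wants_fresh_copy(headers):
    """True if the request carries the no-cache pragma (a browser Shift-Reload)."""
    lowered = {k.lower(): v.lower() for k, v in headers.items()}
    return "no-cache" in lowered.get("pragma", "")


def has_valid_backend_session(headers):
    """True if the hypothetical be_session cookie names a known backend session."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cookie = SimpleCookie()
    cookie.load(lowered.get("cookie", ""))
    morsel = cookie.get("be_session")
    return morsel is not None and morsel.value in VALID_BE_SESSIONS


class PageCache:
    def __init__(self, require_backend_session):
        self.require_backend_session = require_backend_session
        self.store = {}
        self.renders = 0  # each render stands for an expensive page build

    def handle(self, path, headers):
        clear = wants_fresh_copy(headers)
        if clear and self.require_backend_session:
            # Behaviour described for 3.8.1: the header alone is not enough.
            clear = has_valid_backend_session(headers)
        if clear:
            self.store.pop(path, None)
        if path not in self.store:
            self.renders += 1
            self.store[path] = f"<html>{path} build {self.renders}</html>"
        return self.store[path]


def renders_after(require_backend_session, requests):
    """Replay requests against a fresh cache and return the number of builds."""
    cache = PageCache(require_backend_session)
    for path, headers in requests:
        cache.handle(path, headers)
    return cache.renders


# Constructed traffic: 100 anonymous Shift-Reloads, then one from an editor.
ANON = [("/news", {"Pragma": "no-cache"})] * 100
EDITOR = [("/news", {"Pragma": "no-cache", "Cookie": "be_session=constructed-editor-session"})]
```

With `require_backend_session=False` every anonymous request forces a rebuild; with `True` the page is built once and rebuilt only for the request that carries a valid backend session.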