Component Type: Core
Affected Components: TYPO3 Page Cache
Versions: TYPO3 3.8.0 and earlier
Vulnerability Type: Denial of Service
In the past, a "Shift Reload" from the browser (AKA a GET request with the "no-cache" pragma set) cleared the TYPO3 cache of the requested page. This may be considered a potential target for Denial of Service attacks.
The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. In this version, the TYPO3 cache of the page is only cleared if the "Shift Reload" is issued out of a valid backend session.