Component Type: Core
Affected Components: config.baseURL
Versions: TYPO3 3.8.0 and earlier
Vulnerability Type: TYPO3 cache spoofing
Severity: Medium
Problem Description:
Under special circumstances, setting config.baseURL (see typo3.org/documentation/document-library/doc_core_tsref/quot_CONFIG_quot/ ) to a numeric value ("1") could be used to spoof a malicious baseURL into your TYPO3 cache. It has now been decided to technically prevent this misconfiguration.
Solution:
The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. In this version, the usage of "config.baseURL=1" is disabled. The usage of textual values remains the recommended option.
If you have been using "config.baseURL=1" in your setup, please make sure to change this before upgrading to TYPO3 3.8.1!
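The two forms side by side, as an added TypoScript example that is not part of the original advisory; the domain is a placeholder and must be replaced with the site's real base URL:

```typoscript
# Misconfigured setup described in the advisory (rejected as of TYPO3 3.8.1):
# a numeric value lets a spoofed baseURL end up in the TYPO3 page cache.
config.baseURL = 1

# Recommended setup: a fixed textual URL, including the trailing slash.
# www.example.com is a placeholder, not a value taken from the advisory.
config.baseURL = https://www.example.com/
```

Locate and replace the numeric form in every TypoScript template before upgrading, since 3.8.1 disables it rather than silently falling back.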
Credits:
Thanks to Mikael Conley and others for notifying us.