TYPO3-CORE-SA-2011-003: Improper error handling could lead to cache flooding in TYPO3 Core

September 14, 2011

Category: TYPO3 CMS
Author: Helmut Hummel
Keywords: TYPO3, security, TYPO3-CORE-SA-2011-002, Cache Flooding

It has been discovered that TYPO3 is susceptible to cache flooding.

Component Type: TYPO3 Core

Affected Versions: 4.2.0 - 4.2.17, 4.3.0 - 4.3.13, 4.4.0 - 4.4.10 and 4.5.0 - 4.5.5

Release Date: September 14, 2011



Vulnerable subcomponent: Caching System

Vulnerability Type: Improper error handling

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C

Problem Description: When configured to explicitly deny cache disabling through a URL parameter ($TYPO3_CONF_VARS['FE']['disableNoCacheParameter']), TYPO3 fails to disable caching when an invalid cache hash URL parameter (cHash) is provided. This allows an attacker to easily flood the caching tables of TYPO3.

Solution: Update to the TYPO3 versions 4.3.14, 4.4.11 or 4.5.6 that fix the problem described.
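
Log check (added example, not part of the advisory and not TYPO3 code): the script below groups logged requests by path and remaining query parameters and reports any resource that was requested with more than one distinct cHash value, which is the request pattern the problem description implies. It assumes Apache combined log format and that one parameter set should map to a single valid cHash; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [14/Sep/2011:10:00:01 +0000] "GET /index.php?id=12&cHash=3f2a9c HTTP/1.1" 200 5120 "-" "-"
192.0.2.11 - - [14/Sep/2011:10:00:05 +0000] "GET /index.php?id=12&cHash=3f2a9c HTTP/1.1" 200 5120 "-" "-"
198.51.100.7 - - [14/Sep/2011:10:01:00 +0000] "GET /index.php?id=40&cHash=0001 HTTP/1.1" 200 4096 "-" "-"
198.51.100.7 - - [14/Sep/2011:10:01:01 +0000] "GET /index.php?cHash=0002&id=40 HTTP/1.1" 200 4096 "-" "-"
198.51.100.7 - - [14/Sep/2011:10:01:02 +0000] "GET /index.php?id=40&cHash=0003 HTTP/1.1" 200 4096 "-" "-"
192.0.2.10 - - [14/Sep/2011:10:02:00 +0000] "GET /index.php?id=7 HTTP/1.1" 200 2048 "-" "-"
"""

# Captures the client address and the request target of one log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

def chash_by_resource(log_text):
    """Map each resource (path + query without cHash) to {cHash: {clients}}."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, target = match.groups()
        url = urlsplit(target)
        params = parse_qsl(url.query, keep_blank_values=True)
        hashes = [v for k, v in params if k == "cHash"]
        if not hashes:
            continue  # requests without cHash are out of scope here
        # Normalise parameter order so id=40&cHash=x and cHash=x&id=40 match.
        rest = urlencode(sorted((k, v) for k, v in params if k != "cHash"))
        for value in hashes:
            seen[(url.path, rest)][value].add(client)
    return seen

def suspicious_resources(log_text, max_hashes=1):
    """Return (path, query, distinct cHash count, clients) above max_hashes."""
    findings = []
    for (path, rest), hashes in chash_by_resource(log_text).items():
        if len(hashes) > max_hashes:
            clients = sorted(set().union(*hashes.values()))
            findings.append((path, rest, len(hashes), clients))
    return sorted(findings)

if __name__ == "__main__":
    for finding in suspicious_resources(SAMPLE_LOG):
        print(finding)
```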

Credits: Credits go to Daniel Poetzinger, who discovered the issue, and Core Team member Oliver Hader, who reported it.



General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via e-mail.