#VU194 Environment variable injection in TYPO3 in TYPO3 and Oracle Linux - CVE-2016-5385

Cybersecurity Help s.r.o.

Published: 2016-07-22 | Updated: 2017-01-10

Vulnerability identifier: #VU194

Vulnerability risk: High

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Amber]

CVE-ID: CVE-2016-5385

CWE-ID: CWE-79

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
TYPO3
Web applications / CMS
Oracle Linux
Operating systems & Components / Operating system

Vendor: TYPO3
Oracle

Description
The vulnerability allows a remote attacker to redirect an application's outbound HTTP traffic.

The vulnerability exists in TYPO3 CMS. A remote attacker can redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request.

Successful exploitation of this vulnerability may result in XSS attack and data injection.

Mitigation
Install the latest version 8.2.1.

Vulnerable software versions

TYPO3: 8.0.0 - 8.2.0

Oracle Linux: 7

External links
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-019/
https://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in IBM FlashSystem models 840 and 900

Red Hat update for php

Slackware Linux update for php

Arch Linux update for drupal

Multiple vulnerabilities in TYPO3

Multiple vulnerabilities in SAN Volume Controller, Storwize family and FlashSystem V9000 products