Learn about CVE-2021-21359 impacting TYPO3.CMS versions 9.0.0 to 9.5.24, 10.0.0 to 10.4.13, and 11.0.0 to 11.1.0. Understand the vulnerability, its impact, and mitigation steps.
TYPO3 is an open-source, PHP-based web content management system. In TYPO3 versions before 9.5.25, 10.4.14 and 11.1.1, requesting invalid resources via HTTP triggers the page error handler recursively.
Understanding CVE-2021-21359
This CVE describes a vulnerability in TYPO3.CMS that can lead to Denial of Service: the application calls itself recursively until the web server's limits are exceeded.
What is CVE-2021-21359?
In TYPO3 versions before 9.5.25, 10.4.14, 11.1.1, requesting non-existing resources via HTTP could trigger page error handlers recursively, causing an amplification effect until the server reaches its limits.
The Impact of CVE-2021-21359
The vulnerability can be exploited to launch Denial of Service attacks, potentially causing service disruptions, impacting availability significantly.
Technical Details of CVE-2021-21359
The vulnerability is assigned a CVSS v3.1 base score of 5.9 (Medium severity), with high attack complexity and an impact on availability for a network-reachable service.
Vulnerability Description
The vulnerability stems from the page error handling mechanism, which can be abused by requesting non-existing resources via HTTP, leading to recursive calls within the application.
Affected Systems and Versions
TYPO3 versions 9.0.0 to 9.5.24, 10.0.0 to 10.4.13, and 11.0.0 to 11.1.0 are affected by this vulnerability.
Exploitation Mechanism
By requesting invalid or non-existing resources via HTTP, the page error handler can be triggered recursively, creating a loop that amplifies the effect of a single initial request.
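To make the recursion concrete, here is an added Python simulation (not TYPO3 code) of an error handler that renders its configured error page through an internal sub-request: when that page is itself missing, the unguarded handler re-enters itself until a simulated server limit is hit, while the guarded variant returns a static fallback on re-entry. The paths, the depth limit and the guard flag are assumptions made for this illustration.

```python
from dataclasses import dataclass

ERROR_PAGE = "/error/404"  # assumed configured error page (illustration only)
SERVER_LIMIT = 50          # assumed web-server limit on nested requests


@dataclass
class Site:
    pages: dict            # path -> body; constructed sample content
    guard: bool = False    # True = hardened handler with a re-entry guard
    depth: int = 0         # currently nested requests
    max_depth: int = 0     # deepest nesting observed during one request

    def handle(self, path, nested=False):
        """Route one request; unknown paths go to the error handler."""
        self.depth += 1
        self.max_depth = max(self.max_depth, self.depth)
        try:
            if self.depth > SERVER_LIMIT:
                raise RecursionError("server limit exceeded")
            if path in self.pages:
                return 200, self.pages[path]
            return self.error_handler(nested)
        finally:
            self.depth -= 1

    def error_handler(self, nested):
        # Vulnerable pattern: the 404 body is fetched with an internal sub-request
        # to the configured error page. If that page is also missing, the
        # sub-request lands in this very handler again, and so on.
        if self.guard and nested:
            # Hardened pattern: a nested invocation never issues another
            # sub-request; it answers with a static body and stops the loop.
            return 404, "Not Found (static fallback)"
        _, body = self.handle(ERROR_PAGE, nested=True)
        return 404, body


def simulate(guard, error_page_exists=False):
    """Request a missing path and report (status, body, deepest nesting)."""
    pages = {"/": "home"}
    if error_page_exists:
        pages[ERROR_PAGE] = "custom 404 page"
    site = Site(pages=pages, guard=guard)
    try:
        status, body = site.handle("/does-not-exist")
        return status, body, site.max_depth
    except RecursionError as exc:
        return None, str(exc), site.max_depth
```

With a working error page both variants answer normally; only a missing error page shows the difference between unbounded re-entry and the guarded fallback.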
Mitigation and Prevention
To mitigate CVE-2021-21359, users should update their TYPO3.CMS installations to versions 9.5.25, 10.4.14, or 11.1.1 to patch the vulnerability.
Immediate Steps to Take
Immediately update TYPO3.CMS to the patched versions (9.5.25, 10.4.14, 11.1.1) to prevent exploitation of this vulnerability.
Long-Term Security Practices
Regularly update and patch software to stay protected against known vulnerabilities. Employ web application firewalls and monitor network traffic for suspicious activities.
Patching and Updates
Stay informed about security advisories from TYPO3 and apply patches promptly to secure your CMS installation.