Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

CVE-2021-21359 : Exploit Details and Defense Strategies

Learn about CVE-2021-21359 impacting TYPO3.CMS versions 9.0.0 to 9.5.24, 10.0.0 to 10.4.13, and 11.0.0 to 11.1.0. Understand the vulnerability, its impact, and mitigation steps.

TYPO3 is an open-source PHP-based web content management system. In TYPO3 versions 9.5.25, 10.4.14, 11.1.1, requesting invalid resources via HTTP triggers page error handler recursively.

Understanding CVE-2021-21359

This CVE describes a vulnerability in TYPO3.CMS that could lead to Denial of Service attacks due to a recursive calling of the application until the web server limits are exceeded.

What is CVE-2021-21359?

In TYPO3 versions before 9.5.25, 10.4.14, 11.1.1, requesting non-existing resources via HTTP could trigger page error handlers recursively, causing an amplification effect until the server reaches its limits.

The Impact of CVE-2021-21359

The vulnerability can be exploited to launch Denial of Service attacks, potentially causing service disruptions, impacting availability significantly.

Technical Details of CVE-2021-21359

The vulnerability is assigned a CVSSv3.1 score of 5.9 (Medium severity) with a high attack complexity and impact on network availability.

Vulnerability Description

The vulnerability stems from the page error handling mechanism which can be exploited by requesting non-existing resources via HTTP, leading to recursive calls within the application.

Affected Systems and Versions

TYPO3 versions 9.0.0 to 9.5.24, 10.0.0 to 10.4.13, and 11.0.0 to 11.1.0 are affected by this vulnerability.

Exploitation Mechanism

By requesting invalid or non-existing resources via HTTP, the page error handler could be triggered recursively, causing a loop that amplifies the impact of the initial attack.

Mitigation and Prevention

To mitigate CVE-2021-21359, users should update their TYPO3.CMS installations to versions 9.5.25, 10.4.14, or 11.1.1 to patch the vulnerability.

Immediate Steps to Take

Immediately update TYPO3.CMS to the patched versions (9.5.25, 10.4.14, 11.1.1) to prevent exploitation of this vulnerability.

Long-Term Security Practices

Regularly update and patch software to stay protected against known vulnerabilities. Employ web application firewalls and monitor network traffic for suspicious activities.

Patching and Updates

Stay informed about security advisories from TYPO3 and apply patches promptly to secure your CMS installation.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now