Bug #30377
Cache poisoning through http(s) enforcement feature
Status: Closed
% Done: 100%
Description
When a site is requested with another hostname (resolving to the same IP) and IP-based hosting is used, all links that are enforced to use a different scheme take this (forged) hostname into account.
Updated by Christian Kuhn about 13 years ago
This is related to the 'shortcut-icon' problem in #20381 and boils down to the fact that we do not have an API in FE to determine a valid domain name.
We have ideas to make for example 'domain records' required somehow, but we must tackle possible server scenarios carefully.
Updated by Marcus Krause over 12 years ago
- OTRS-Sec Ticket-ID set to 2012030810000055
Our team received a report on Mar 8, 2012 which most probably describes this issue (see OTRS-Sec Ticket-ID).
Updated by Steffen Ritter about 12 years ago
- Status changed from New to Under Review
Updated by Gerrit Code Review about 12 years ago
Patch set 2 for branch master_new has been pushed to the review server.
It is available at http://review.typo3.org/13100
Updated by Gerrit Code Review about 12 years ago
Patch set 3 for branch master_new has been pushed to the review server.
It is available at http://review.typo3.org/13100
Updated by Gerrit Code Review about 12 years ago
Patch set 4 for branch master_new has been pushed to the review server.
It is available at http://review.typo3.org/13100
Updated by Christian Kuhn almost 11 years ago
This is related to the 'shortcut-icon' problem in #20381.
Main issue is that $_SERVER['HTTP_HOST'] cannot be trusted, see
http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html
http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released
Domain records can not be used as they are restricted to FE, but we must fix this issue in BE and install tool, too.
Discussion during security sprint hh 2013:
We will implement a new config parameter LocalConfiguration ['SYS']['TRUSTED_HOSTS'] (possibly a regex) that can be set and is used in GeneralUtility::getIndpEnv() (main patch). Default is a "catch-all".
We should push information about this attack vector into the wild.
Further public patches should follow to add wizards/install-procedures/report-module/tce-main-domain-record-hooks/more. Their goal is to make the administration of this parameter as convenient as possible.
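The vulnerable path described in the issue (an absolute URL rebuilt from the raw Host header during scheme enforcement) and the trusted-hosts check proposed in the comment above, as an added example in plain PHP. This is not TYPO3 core code and not part of this thread: the function names, the `$trustedHostsPattern` parameter and the sample requests are assumptions made for illustration, and the check only mirrors the idea of a configurable host pattern with a catch-all default rather than reproducing GeneralUtility::getIndpEnv().

```php
<?php
declare(strict_types=1);

// Added example, not TYPO3 core code. Function names, the $trustedHostsPattern
// parameter and the sample requests are assumptions made for illustration.

/**
 * Vulnerable variant: scheme enforcement rebuilds the absolute URL from the
 * raw Host header. On an IP-based virtual host the server answers for any
 * Host value, so a forged host is copied into the generated link; once the
 * page is cached, every later visitor receives that link.
 */
function buildSchemeEnforcedUrlUnsafe(array $server, string $path): string
{
    $host = $server['HTTP_HOST'] ?? '';
    return 'https://' . $host . $path;
}

/**
 * Validate a host name against a trusted-hosts regular expression.
 * The pattern is anchored and wrapped in a group so an alternation such as
 * 'a\.example\.org|b\.example\.org' cannot match only a prefix or suffix.
 * A catch-all pattern ('.*') reproduces the unsafe behaviour above.
 */
function isTrustedHost(string $host, string $trustedHostsPattern): bool
{
    // Drop an optional port; the pattern only has to describe the name.
    $hostName = preg_replace('/:\d+$/', '', $host) ?? '';
    return preg_match('/^(?:' . $trustedHostsPattern . ')$/i', $hostName) === 1;
}

/**
 * Hardened variant: refuse to build a link for an untrusted host instead of
 * emitting (and caching) an attacker-controlled host name.
 */
function buildSchemeEnforcedUrl(array $server, string $path, string $trustedHostsPattern): string
{
    $host = $server['HTTP_HOST'] ?? '';
    if (!isTrustedHost($host, $trustedHostsPattern)) {
        throw new RuntimeException('Untrusted Host header: ' . $host);
    }
    return 'https://' . $host . $path;
}

// Constructed sample requests: a legitimate one and one carrying a forged
// Host header that an IP-based vhost would still serve.
$legitRequest  = ['HTTP_HOST' => 'www.example.org'];
$forgedRequest = ['HTTP_HOST' => 'attacker.example.net'];
$pattern       = 'www\.example\.org|example\.org';

// The unsafe builder copies the forged host into the link verbatim.
echo buildSchemeEnforcedUrlUnsafe($forgedRequest, '/login'), PHP_EOL;

// The hardened builder accepts the real host ...
echo buildSchemeEnforcedUrl($legitRequest, '/login', $pattern), PHP_EOL;

// ... and rejects the forged one before anything can reach the page cache.
try {
    buildSchemeEnforcedUrl($forgedRequest, '/login', $pattern);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Run it with `php example.php`. A quick check against a live installation is to send a request with a forged Host header to the server's IP address, for example `curl -sk -H 'Host: attacker.example.net' https://<server-ip>/`, and look for that host name in the generated links of the response; with a catch-all pattern it appears verbatim. The option TYPO3 eventually shipped for this is `$GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern']`.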
Updated by Gerrit Code Review almost 11 years ago
Patch set 1 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 3 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 4 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 5 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 6 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 7 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 8 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 9 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 10 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 11 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 12 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 13 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 14 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-1 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30206
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-0 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30207
Updated by Gerrit Code Review over 10 years ago
Patch set 15 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch TYPO3_6-0 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30207
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch TYPO3_6-1 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30206
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_4-7 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30211
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_4-5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30213
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch TYPO3_4-5 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30213
Updated by Gerrit Code Review over 10 years ago
Patch set 2 for branch TYPO3_4-7 of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/30211
Updated by Gerrit Code Review over 10 years ago
Patch set 16 for branch master of project Teams/Security/TYPO3v4-Core has been pushed to the review server.
It is available at https://review.typo3.org/25801
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30275
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30283
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30291
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30299
Updated by Gerrit Code Review over 10 years ago
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/30307
Updated by Helmut Hummel over 10 years ago
- Project changed from 1716 to TYPO3 Core
- Category deleted (T3-04: Cache poisoning)
Updated by Helmut Hummel over 10 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset ab7a9f8515b9e5e69067b9c74679b69e3533b0d0.