cvedb.io
CVE-2017-6370
MEDIUM · CVSS 5.3
EPSS exploitation probability: 0%
Published 2017-03-17T17:59:00.157 · Last modified 2026-06-17T01:22:14.047

Summary

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Affected products

typo3 — typo3

Does this affect you?

Add your gear to cvedb and we'll alert you only when typo3 ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.