CVE-2017-6370: Cleartext Transmission of Sensitive Information

March 17, 2017 (updated October 3, 2019)

TYPO3 sends an HTTP request to an index.php?loginProvider URI in cases with an HTTP Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

References

nvd.nist.gov/vuln/detail/CVE-2017-6370

Code Behaviors & Features

Detect and mitigate CVE-2017-6370 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →