CVE-2017-6370

medium

Description

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

References

https://github.com/faizzaidi/TYPO3-v7.6.15-Unencrypted-Login-Request

http://www.securityfocus.com/bid/97071

Details

Source: Mitre, NVD

Published: 2017-03-17

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N