CVE-2014-3941
Typo3 Host Header Spoofing Vulnerability
EPSS 0.28%
Description
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
How to fix CVE-2014-3941
To remediate CVE-2014-3941, upgrade the affected package to a fixed version below.
- Debian/typo3-src—upgrade to 4.5.19+dfsg1-5+wheezy3 or later
- Packagist/typo3/cms—upgrade to 4.5.34 or later
Is CVE-2014-3941 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.5.19+dfsg1-5+wheezy3
- >= 4.5.0, < 4.5.34