VYPR
High severityNVD Advisory· Published Jan 4, 2015· Updated Jun 17, 2026

CVE-2014-9509

CVE-2014-9509

Description

The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to have an unspecified impact (possibly resource consumption) via a "Cache Poisoning" attack using a URL with arbitrary arguments, which triggers a reload of the page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cmsPackagist
>= 4.5.0, < 4.5.394.5.39
typo3/cmsPackagist
>= 6.2.0, < 6.2.96.2.9
typo3/cmsPackagist
>= 7.0.0, < 7.0.27.0.2
typo3/cmsPackagist
>= 4.6.0, < 4.6.194.6.19
typo3/cmsPackagist
>= 4.7.0, < 4.7.214.7.21
typo3/cmsPackagist
>= 6.0.0, < 6.0.156.0.15
typo3/cmsPackagist
>= 6.1.0, < 6.1.136.1.13

Affected products

119
  • TYPO3/Typo3118 versions
    cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*+ 117 more
    • cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.32:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.33:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.34:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.35:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.36:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.37:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.38:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.14:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.15:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.16:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.17:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.18:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.17:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.18:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.19:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.20:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.12:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.13:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.0:beta2:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.0:beta3:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:6.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:7.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:7.0.1:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 4.5.0, < 4.5.39

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.