Medium severity5.3NVD Advisory· Published Mar 17, 2017· Updated May 13, 2026

CVE-2017-6370

Description

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.

Affected products

TYPO3/Typo3
cpe:2.3:a:typo3:typo3:7.6.15:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-87hc-phmj-rhghghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-6370ghsaADVISORY
www.securityfocus.com/bid/97071nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000