Cyber Resilience

CVE-2021-21359

Severity: Medium · Category: DDoS

Published: 23 March 2021
Modified: 21 November 2024
KEV Added: not listed
Patch: fixed in 9.5.25, 10.4.14, 11.1.1
CVSS Score v3.1: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0059 (69.6th percentile)
Risk Priority: 12 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-21359 is a medium-severity Amplification (CWE-405) vulnerability in TYPO3 (vendor TYPO3). Its CVSS base score is 5.9 (Medium).

Operationally, it ranks in the top 30.4% of CVEs by exploit likelihood (EPSS 69.6th percentile); it is not currently listed in the CISA KEV catalog.

Vulnerability details

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This is fixed in versions 9.5.25, 10.4.14, 11.1.1.
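As an added illustration (not code from TYPO3 or from this page), the toy dispatcher below models the self-calling error handler described above: a missing resource invokes the error handler, which fetches the configured error page through the same dispatcher, and when that page is itself missing the application re-enters its own error handler until the server limit is hit. The `Site` class, the `X-Internal-Error-Request` marker and the site map are constructed for the example; the guard it shows (tag the internal request and refuse to re-enter the error handler from a tagged request) is one generic way to break the recursion, not a description of the vendor's patch.

```python
from typing import Dict, Optional

MARKER = "X-Internal-Error-Request"     # constructed marker for internal error-page fetches
FALLBACK = "<p>Error page unavailable</p>"  # static body served when the guard trips


class ServerExhausted(RuntimeError):
    """Stand-in for the web server's limits being exceeded by nested requests."""


class Site:
    """Minimal request dispatcher with a page error handler that fetches
    the configured error page via an internal request (hypothetical model)."""

    def __init__(self, pages: Dict[str, str], error_page_url: str,
                 guarded: bool = True, server_limit: int = 64) -> None:
        self.pages = pages
        self.error_page_url = error_page_url
        self.guarded = guarded
        self.server_limit = server_limit
        self.internal_requests = 0      # how often the error handler called back in

    def handle(self, path: str, headers: Optional[Dict[str, str]] = None,
               depth: int = 0) -> str:
        headers = headers or {}
        if depth > self.server_limit:
            raise ServerExhausted(f"{depth} nested internal requests")
        if path in self.pages:
            return self.pages[path]
        return self._error_handler(headers, depth)

    def _error_handler(self, headers: Dict[str, str], depth: int) -> str:
        # Guard: a request issued by the error handler itself must never
        # re-enter the error handler; serve a static fallback instead.
        if self.guarded and headers.get(MARKER) == "1":
            return FALLBACK
        self.internal_requests += 1
        internal_headers = {**headers, MARKER: "1"}
        return self.handle(self.error_page_url, internal_headers, depth + 1)


if __name__ == "__main__":
    # Constructed misconfiguration: the error page itself does not exist.
    vulnerable = Site({"/": "<h1>Home</h1>"}, "/error-page", guarded=False)
    try:
        vulnerable.handle("/does-not-exist")
    except ServerExhausted as exc:
        print("unguarded:", exc, "after", vulnerable.internal_requests, "re-entries")
    fixed = Site({"/": "<h1>Home</h1>"}, "/error-page", guarded=True)
    print("guarded:", fixed.handle("/does-not-exist"), fixed.internal_requests)
```

A correctly configured error page still renders normally under the guard; only the second, nested attempt to handle an error is short-circuited.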

CWE(s)

CWE-405 (Amplification) · CWE-674 (Uncontrolled Recursion)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

typo3 / typo3: 9.0.0 — 9.5.25 · 10.0.0 — 10.4.14 · 11.0.0 — 11.1.1

Mitigating Controls

Likely Mitigating Controls (AI-derived)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Supports resumption at an alternate site when uncontrolled recursion causes primary site failure or crash. (addresses: CWE-674, CWE-405)
- Employs controls that mitigate amplification attacks causing asymmetric resource use. (addresses: CWE-405, CWE-674)
- Alternate services reduce the impact of amplification attacks that exhaust primary telecommunications resources. (addresses: CWE-405)
- Amplification attacks that exhaust the primary path are mitigated by the existence of an independent alternate path for command traffic. (addresses: CWE-405)
- Limits amplification effects by controlling how resources are allocated under high-volume or recursive load. (addresses: CWE-405)