CVE-2024-34358
📋 TL;DR
This vulnerability in TYPO3's ShowImageController (frontend eID tx_cms_showpic) lets an unauthenticated attacker trigger unbounded thumbnail generation. Links to the controller carry an HMAC, but the 'frame' query parameter was not part of the signed data, so anyone holding one legitimate link can vary 'frame' freely and make the server render a fresh image for every value. Affected: TYPO3 9.0.0 to 9.5.47, 10.0.0 to 10.4.44, 11.0.0 to 11.5.36, 12.0.0 to 12.4.14 and 13.0.0 to 13.1.0. The outcome is resource exhaustion through server-side image processing.
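The weakness in miniature, as an added Python illustration that is not TYPO3's own code: a signed "show picture" link whose HMAC covers the file and rendering parameters but, in the vulnerable variant, not the separate 'frame' query value. The key, the parameter names and the URL layout are assumptions made for this example; the point it shows is how many distinct renders one legitimate link buys an attacker before and after binding 'frame' into the signature.

```python
# Added illustration of the weakness, not TYPO3's own code: a signed
# "show picture" link whose HMAC covers the file and the rendering parameters
# but, in the vulnerable variant, not the separate 'frame' query parameter.
# Key, parameter names and URL layout are assumptions for this example.
import hashlib
import hmac
import json
from urllib.parse import parse_qs, urlencode

ENCRYPTION_KEY = b"constructed-example-key"  # stands in for the site's encryption key


def sign(payload: str) -> str:
    """HMAC over the data the server is willing to trust (SHA-256 here; illustrative)."""
    return hmac.new(ENCRYPTION_KEY, payload.encode(), hashlib.sha256).hexdigest()


def signed_payload(file_id: int, parameters: str, frame: int, sign_frame: bool) -> str:
    """Vulnerable variant leaves 'frame' out; fixed variant binds it to the signature."""
    payload = f"{file_id}|{parameters}"
    return payload + (f"|{frame}" if sign_frame else "")


def build_link(file_id: int, width: int, frame: int, sign_frame: bool) -> str:
    """Server generates a link; 'frame' is a rendering option the server honours."""
    parameters = json.dumps({"width": width}, sort_keys=True)
    query = {
        "eID": "tx_cms_showpic",
        "file": file_id,
        "parameters": parameters,
        "frame": frame,
        "md5": sign(signed_payload(file_id, parameters, frame, sign_frame)),
    }
    return "/index.php?" + urlencode(query)


def handle(url: str, sign_frame: bool) -> tuple:
    """Server verifies the signature, then reports which thumbnail it would render."""
    q = {k: v[0] for k, v in parse_qs(url.split("?", 1)[1]).items()}
    file_id, frame = int(q["file"]), int(q["frame"])
    expected = sign(signed_payload(file_id, q["parameters"], frame, sign_frame))
    if not hmac.compare_digest(q["md5"], expected):
        return ("rejected", "hmac mismatch")
    width = json.loads(q["parameters"])["width"]
    return ("ok", (file_id, width, frame))


def tamper_frame(url: str, new_frame: int) -> str:
    """Attacker edits only the 'frame' value and keeps everything else, signature included."""
    q = {k: v[0] for k, v in parse_qs(url.split("?", 1)[1]).items()}
    q["frame"] = str(new_frame)
    return "/index.php?" + urlencode(q)


def thumbnails_forced(sign_frame: bool, attempts: int = 1000) -> int:
    """How many distinct thumbnails one legitimate link lets an attacker force."""
    link = build_link(file_id=3, width=200, frame=0, sign_frame=sign_frame)
    rendered = set()
    for i in range(attempts):
        status, result = handle(tamper_frame(link, i), sign_frame)
        if status == "ok":
            rendered.add(result)
    return len(rendered)


if __name__ == "__main__":
    print("vulnerable:", thumbnails_forced(sign_frame=False))  # 1000 distinct renders
    print("fixed:     ", thumbnails_forced(sign_frame=True))   # 1: only the signed frame
```

With sign_frame=False every tampered value passes verification and produces a new render; with sign_frame=True the only request that verifies is the one whose 'frame' matches the signed link, which is the behaviour the patch restores.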
💻 Affected Systems
- TYPO3 CMS
📦 What is this software?
TYPO3 CMS by the TYPO3 Association: an open-source, PHP-based web content management system. The vulnerable component is the core ShowImageController, reached through the frontend eID tx_cms_showpic.
⚠️ Risk & Real-World Impact
Worst Case
Denial of service through server resource exhaustion (CPU, memory, disk space) from unlimited thumbnail generation, potentially disrupting website availability.
Likely Case
Increased server load and performance degradation from automated thumbnail generation attacks, leading to slower response times.
If Mitigated
Minimal impact with proper rate limiting, monitoring, and resource constraints in place.
🎯 Exploit Status
Exploitation requires only HTTP requests with manipulated parameters. No authentication needed. Simple automated tools could exploit this.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1
Vendor Advisory: https://typo3.org/security/advisory/typo3-core-sa-2024-010
Restart Required: No
Instructions:
1. Identify your TYPO3 version and branch.
2. Update to the patched release for that branch (9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS or 13.1.1).
3. Clear TYPO3 caches after the update (Admin Tools > Maintenance > Flush caches, or vendor/bin/typo3 cache:flush).
4. Verify the fix by checking the installed version.
🔧 Temporary Workarounds
Block eID endpoint
Restrict access to the vulnerable eID endpoint via web server configuration or firewall rules. Caveat: tx_cms_showpic also serves the legitimate "click to enlarge" image view, so blocking it disables that feature until you patch.
# Apache (the query string must be tested with RewriteCond; a RewriteRule pattern alone never sees it):
#   RewriteCond %{QUERY_STRING} (^|&)eID=tx_cms_showpic(&|$) [NC]
#   RewriteRule .* - [F]
# Nginx (a location block matches the path only, so test the eID argument inside the PHP location):
#   if ($arg_eID = "tx_cms_showpic") { return 403; }
Implement rate limiting
Configure rate limiting on thumbnail generation endpoints to prevent abuse. Key the limit on the client address only for requests carrying eID=tx_cms_showpic, so ordinary page loads are not throttled.
# Apache: mod_evasive (per-client request thresholds) or a comparable module
# Nginx (http context): map $arg_eID $showpic_key { tx_cms_showpic $binary_remote_addr; default ""; }
#                       limit_req_zone $showpic_key zone=showpic:10m rate=2r/s;
# Nginx (PHP location): limit_req zone=showpic burst=5 nodelay;   # requests with an empty key are not counted
🧯 If You Can't Patch
- Implement strict rate limiting on all eID endpoints
- Monitor server resources and set alerts for abnormal thumbnail generation patterns
🔍 How to Verify
Check if Vulnerable:
Compare your TYPO3 version with the affected ranges above. Whether /index.php?eID=tx_cms_showpic responds says nothing by itself, since the endpoint exists on patched systems too; what changes after the fix is that a showpic link whose 'frame' value was altered after the link was generated is rejected instead of producing a new thumbnail.
Check Version:
Read the version from the backend top-bar System Information panel, from vendor/bin/typo3 --version or composer show typo3/cms-core on Composer installations, or (TYPO3 10 and later) from the VERSION constant in typo3/sysext/core/Classes/Information/Typo3Version.php. typo3conf/LocalConfiguration.php does not record the core version.
Verify Fix Applied:
After patching, confirm the installed version is at or above the patched release for your branch, and test that a showpic link with a modified 'frame' value is rejected rather than rendered.
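A small helper for the version check above, added here and not part of TYPO3 or the advisory: it pulls x.y.z out of whatever the backend, the CLI or Typo3Version.php reports and decides, per branch, whether the version is inside an affected range and which release to move to. The branch table is taken from the patch list on this page.

```python
# Added helper, not part of TYPO3 or the advisory: classify a reported TYPO3
# version against the fixed releases listed in TYPO3-CORE-SA-2024-010.
import re

# First fixed release per major version (from the advisory's patch list).
FIRST_FIXED = {
    9: (9, 5, 48),
    10: (10, 4, 45),
    11: (11, 5, 37),
    12: (12, 4, 15),
    13: (13, 1, 1),
}
FIRST_AFFECTED = (9, 0, 0)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text: str) -> tuple:
    """Pull x.y.z out of strings such as '12.4.14', 'TYPO3 CMS 11.5.36', '9.5.48 ELTS'
    or a "const VERSION = '...'" line copied from Typo3Version.php."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text: str) -> bool:
    """True when the version lies inside an affected range. Majors without an
    entry (8.x and earlier, 14.x and later) were never affected."""
    v = parse_version(text)
    fixed = FIRST_FIXED.get(v[0])
    if fixed is None:
        return False
    return FIRST_AFFECTED <= v < fixed


def upgrade_target(text: str) -> str:
    """Patched release to install for this version's branch, or '' if none is needed."""
    v = parse_version(text)
    if not is_affected(text):
        return ""
    return ".".join(str(p) for p in FIRST_FIXED[v[0]])


if __name__ == "__main__":
    # Constructed inputs in the three shapes a practitioner is likely to paste in.
    for reported in ("TYPO3 CMS 12.4.14", "protected const VERSION = '10.4.44';", "13.1.1"):
        print(reported, "->", "affected, upgrade to " + upgrade_target(reported)
              if is_affected(reported) else "not affected")
```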
📡 Detection & Monitoring
Log Indicators:
- Unusual frequency of requests to /index.php?eID=tx_cms_showpic
- Multiple thumbnail generation entries in TYPO3 or web server logs
- High resource usage from PHP/image processing
Network Indicators:
- HTTP requests with manipulated 'frame' parameter values
- Repeated requests to same eID endpoint with varying parameters
SIEM Query:
source="web_server_logs" AND uri="*eID=tx_cms_showpic*" | stats count by src_ip
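The same idea as the SIEM query, carried one step further as an added Python example that is not part of TYPO3 or of the page's query: instead of a flat count per source address, it runs a sliding window per client over combined-format access-log lines and flags clients that present many distinct 'frame' values on tx_cms_showpic inside a short interval, which is the signature of this attack rather than of a busy gallery page. The log lines are constructed for the example; the window and threshold are assumptions to tune per site.

```python
# Added detection example, not part of TYPO3 or of the SIEM query above: scan
# combined-format access-log lines for a single client hitting eID=tx_cms_showpic
# with many distinct 'frame' values inside a short window. The log lines are
# constructed for this example; thresholds are assumptions to tune per site.
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """Return (ip, timestamp, uri) for a combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return m.group("ip"), ts, m.group("uri")


def showpic_requests(lines):
    """Yield (ip, timestamp, frame) for every request that targets the showpic eID."""
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, uri = parsed
        q = parse_qs(urlsplit(uri).query)
        if q.get("eID", [""])[0] != "tx_cms_showpic":
            continue
        yield ip, ts, q.get("frame", ["0"])[0]


def find_abusers(lines, window_seconds=60, max_distinct_frames=20):
    """Sliding window per client: flag clients whose distinct 'frame' values inside
    any window exceed the threshold. Returns {ip: peak_distinct_frames}."""
    events = defaultdict(list)
    for ip, ts, frame in showpic_requests(lines):
        events[ip].append((ts, frame))
    flagged = {}
    for ip, evs in events.items():
        evs.sort(key=lambda e: e[0])
        in_window = Counter()
        start = peak = 0
        for ts, frame in evs:
            in_window[frame] += 1
            while (ts - evs[start][0]).total_seconds() > window_seconds:
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak > max_distinct_frames:
            flagged[ip] = peak
    return flagged


def constructed_log():
    """Constructed sample: one normal click-to-enlarge view plus a page load from one
    client, an unparseable line, and a 30-request burst from another client that
    only varies 'frame' on the same signed link."""
    base = datetime(2024, 5, 12, 10, 0, 0, tzinfo=timezone.utc)
    tmpl = '{ip} - - [{ts}] "GET {uri} HTTP/1.1" 200 1532 "-" "Mozilla/5.0"'
    lines = [
        tmpl.format(ip="198.51.100.4", ts=base.strftime(TS_FMT),
                    uri="/index.php?eID=tx_cms_showpic&file=3&frame=0&md5=ab12"),
        tmpl.format(ip="198.51.100.4", ts=(base + timedelta(seconds=3)).strftime(TS_FMT),
                    uri="/about"),
        "garbage line that does not parse",
    ]
    for i in range(30):
        ts = (base + timedelta(seconds=i)).strftime(TS_FMT)
        lines.append(tmpl.format(ip="203.0.113.7", ts=ts,
                                 uri=f"/index.php?eID=tx_cms_showpic&file=3&frame={i}&md5=ab12"))
    return lines


if __name__ == "__main__":
    for ip, peak in find_abusers(constructed_log()).items():
        print(f"ALERT {ip}: {peak} distinct frame values within 60s on tx_cms_showpic")
```

Counting distinct 'frame' values rather than raw requests keeps a legitimately popular image (many clients, same frame) out of the alert while still catching one client walking the frame space.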
🔗 References
- https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
- https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
- https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
- https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
- https://typo3.org/security/advisory/typo3-core-sa-2024-010