[wp-trac] [WordPress Trac] #61673: URL-encoded _wp_http_referer causes Apache AH10508, leading to 403 in several places

WordPress Trac noreply at wordpress.org
Wed Jul 17 15:56:09 UTC 2024


#61673: URL-encoded _wp_http_referer causes Apache AH10508, leading to 403 in
several places
-------------------------+------------------------------
 Reporter:  vsteiner     |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  General      |     Version:  6.6
 Severity:  major        |  Resolution:
 Keywords:               |     Focuses:
-------------------------+------------------------------

Comment (by erhaweb):

 The TYPO3 Security Team was able to prove that this problem is not a
 problem for which TYPO3 is responsible.
 https://forge.typo3.org/issues/104410

 Discussion about this (in german):
 https://forum.t3academy.de/d/507-strato-create-content-forbidden-
 error-403-cve-2024-38474-unsafeallow3f/

 The german Contao community also came to the conclusion that this problem
 is directly related to STRATO.
 https://community.contao.org/de/showthread.php?87114-Fehler-403-Forbidden-
 durch-Cookiebar-AH10508-Unsafe-URL-with-3f-URL-rewritten

 Maybe this will help you with further judgement 😉

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/61673#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list