Since yesterday (nothing was changed) I Got the following error when I want to edit a page or add content.
Forbidden
You don’t have permission to access this resource.
I’m logged in as backend admin with full rights … any hint for me?
The access rights looks fine.
Thanks in advance.
php log messages
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH01215: PHP Fatal error: Only variables can be passed by reference in /mnt/web107/a3/90/58486790/htdocs/typo3_grau_01/typo3conf/ext/pt_extlist/Classes/Domain/Renderer/Default/CellRenderer.php on line 158: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/index.php
AH01215: PHP Fatal error: Only variables can be passed by reference in /mnt/web107/a3/90/58486790/htdocs/typo3_grau_01/typo3conf/ext/pt_extlist/Classes/Domain/Renderer/Default/CellRenderer.php on line 158: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/index.php
AH01630: client denied by server configuration: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/.git
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH10508: Unsafe URL with %3f URL rewritten without UnsafeAllow3F
AH01630: client denied by server configuration: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/fileadmin/src
AH01215: PHP Fatal error: Only variables can be passed by reference in /mnt/web107/a3/90/58486790/htdocs/typo3_grau_01/typo3conf/ext/pt_extlist/Classes/Domain/Renderer/Default/CellRenderer.php on line 158: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/index.php
AH01215: PHP Fatal error: Only variables can be passed by reference in /mnt/web107/a3/90/58486790/htdocs/typo3_grau_01/typo3conf/ext/pt_extlist/Classes/Domain/Renderer/Default/CellRenderer.php on line 158: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/index.php
AH01215: PHP Fatal error: Only variables can be passed by reference in /mnt/web107/a3/90/58486790/htdocs/typo3_grau_01/typo3conf/ext/pt_extlist/Classes/Domain/Renderer/Default/CellRenderer.php on line 158: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/index.php
AH01630: client denied by server configuration: /home/strato/http/premium/rid/67/90/58486790/htdocs/typo3_grau_01/.git
15
We contacted STR***O and received the following response:
‘You had contacted us because you encountered an error message (‘403 Forbidden’) when using your Typo3 instance.
This is due to the fact that an insecure vulnerability was closed by a software update in the infrastructure. This would have allowed attackers to penetrate your web space and execute malicious code. This prevents the communication of Typo3 and its used method with the web server in some areas of the Typo3 instance.
We refer to vulnerability description CVE-2024-38474 (https://www.cve.org/CVERecord?id=CVE-2024-38474). This update will generally be installed on all current Apache instances.
For security reasons, we will not release the insecure method used by Typo3 on the host systems. We kindly ask you to contact the developer of Typo3 and inform him about the vulnerability. We expressly recommend that you do not implement any modifications that circumvent this, as this will make you vulnerable. ’
QInes2 is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
2