CVE Vulnerabilities

CVE-2008-2717

Published: Jun 16, 2008 | Modified: Oct 11, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Affected Software

Name Vendor Start Version End Version
Apache_webserver Apache * *
Typo3 Typo3 4.0 (including) 4.0 (including)
Typo3 Typo3 4.0.1 (including) 4.0.1 (including)
Typo3 Typo3 4.0.2 (including) 4.0.2 (including)
Typo3 Typo3 4.0.3 (including) 4.0.3 (including)
Typo3 Typo3 4.0.4 (including) 4.0.4 (including)
Typo3 Typo3 4.0.5 (including) 4.0.5 (including)
Typo3 Typo3 4.0.6 (including) 4.0.6 (including)
Typo3 Typo3 4.0.7 (including) 4.0.7 (including)
Typo3 Typo3 4.0.8 (including) 4.0.8 (including)
Typo3 Typo3 4.1 (including) 4.1 (including)
Typo3 Typo3 4.1.1 (including) 4.1.1 (including)
Typo3 Typo3 4.1.2 (including) 4.1.2 (including)
Typo3 Typo3 4.1.3 (including) 4.1.3 (including)
Typo3 Typo3 4.1.4 (including) 4.1.4 (including)
Typo3 Typo3 4.1.5 (including) 4.1.5 (including)
Typo3 Typo3 4.1.6 (including) 4.1.6 (including)
Typo3 Typo3 4.2 (including) 4.2 (including)
Typo3-src Ubuntu dapper *
Typo3-src Ubuntu feisty *
Typo3-src Ubuntu gutsy *
Typo3-src Ubuntu hardy *
Typo3-src Ubuntu upstream *

References