CVE-2008-2717

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/42988

http://www.vupen.com/english/advisories/2008/1802

http://www.securityfocus.com/bid/29657

http://www.securityfocus.com/archive/1/493270/100/0/threaded

http://www.debian.org/security/2008/dsa-1596

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

http://securityreason.com/securityalert/3945

http://secunia.com/advisories/30660

http://secunia.com/advisories/30619

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3