CVE-2008-2717

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Link	Resource
http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
http://www.debian.org/security/2008/dsa-1596
http://secunia.com/advisories/30619	Vendor Advisory
http://secunia.com/advisories/30660	Vendor Advisory
http://securityreason.com/securityalert/3945
http://www.securityfocus.com/bid/29657
http://www.vupen.com/english/advisories/2008/1802
https://exchange.xforce.ibmcloud.com/vulnerabilities/42988
http://www.securityfocus.com/archive/1/493270/100/0/threaded

Configuration 1

cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:* cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:* cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*

---

Published : 2008-06-16 10:41

Updated : 2018-10-11 08:42

---

NVD link : CVE-2008-2717

Mitre link : CVE-2008-2717

No products.

CWE-264