CVE-2008-2717

Published: Jun 16, 2008Modified: Apr 23, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Affected (18)

Products: Apache: Apache Webserver · Typo3: Typo3

1 product

Apache Webserver

1 product

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Apache Apache Webserver	All versions
Typo3 Typo3	Version 4.0.1
Typo3 Typo3	Version 4.0.2
Typo3 Typo3	Version 4.0.3
Typo3 Typo3	Version 4.0.4
Typo3 Typo3	Version 4.0.5
Typo3 Typo3	Version 4.0.6
Typo3 Typo3	Version 4.0.7
Typo3 Typo3	Version 4.0.8
Typo3 Typo3	Version 4.0
Typo3 Typo3	Version 4.1.1
Typo3 Typo3	Version 4.1.2
Typo3 Typo3	Version 4.1.3
Typo3 Typo3	Version 4.1.4
Typo3 Typo3	Version 4.1.5
Typo3 Typo3	Version 4.1.6
Typo3 Typo3	Version 4.1
Typo3 Typo3	Version 4.2

Related CWEs

References (20)

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

Source: cve@mitre.org

http://secunia.com/advisories/30619

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/30660

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/3945

Source: cve@mitre.org

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1596

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/493270/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/29657

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/1802

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/42988

Source: cve@mitre.org

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30619

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/30660

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/3945

Source: af854a3a-2127-422b-91ae-364da2661108

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1596

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/493270/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/29657

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/1802

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/42988

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.