QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2717

Published: Jun 16, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

mailing-list

x_refsource_BUGTRAQ

typo3-filename-file-upload(42988)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_DEBIAN

vdb-entry

x_refsource_VUPEN

third-party-advisory

x_refsource_SECUNIA

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SREASON

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.