CVE-2008-2717 Information
Description
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Reference
http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
http://secunia.com/advisories/30619
http://secunia.com/advisories/30660
http://securityreason.com/securityalert/3945
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
http://www.debian.org/security/2008/dsa-1596
http://www.securityfocus.com/archive/1/493270/100/0/threaded
http://www.securityfocus.com/bid/29657
http://www.vupen.com/english/advisories/2008/1802
https://exchange.xforce.ibmcloud.com/vulnerabilities/42988