PT-2008-4161 · Apache+1 · Apache+1

Marcus Krause

Publicado

2008-06-16

Atualizado

2022-05-01

CVE-2008-2717

CVSS v2.0

6.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.0.x through 4.0.8 TYPO3 versions 4.1.x through 4.1.6 TYPO3 versions 4.2.x through 4.2.0

Description The issue allows remote attackers to bypass security restrictions and upload configuration files, such as .htaccess, or conduct file upload attacks using multiple extensions, due to an insufficiently restrictive default fileDenyPattern for Apache.

Recommendations For versions 4.0.x through 4.0.8, update to version 4.0.9 or later. For versions 4.1.x through 4.1.6, update to version 4.1.7 or later. For versions 4.2.x through 4.2.0, update to version 4.2.1 or later.

Correção

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-434

Identificadores relacionados

CVE-2008-2717

DSA-1596-1

GHSA-F35P-HCWF-9F9F

Produtos afetados

Apache

Typo3

PT-2008-4161 · Apache+1 · Apache+1

CVE-2008-2717

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19