PT-2008-4161 · Apache+1 · Apache+1

Marcus Krause

Published

2008-06-16

Updated

2022-05-01

CVE-2008-2717

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.0.x through 4.0.8 TYPO3 versions 4.1.x through 4.1.6 TYPO3 versions 4.2.x through 4.2.0

Description The issue allows remote attackers to bypass security restrictions and upload configuration files, such as .htaccess, or conduct file upload attacks using multiple extensions, due to an insufficiently restrictive default fileDenyPattern for Apache.

Recommendations For versions 4.0.x through 4.0.8, update to version 4.0.9 or later. For versions 4.1.x through 4.1.6, update to version 4.1.7 or later. For versions 4.2.x through 4.2.0, update to version 4.2.1 or later.

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264CWE-434

Related Identifiers

CVE-2008-2717

DSA-1596-1

GHSA-F35P-HCWF-9F9F

Affected Products

Apache

Typo3

PT-2008-4161 · Apache+1 · Apache+1

CVE-2008-2717

Weakness Enumeration

Related Identifiers

Affected Products

References · 19