Vulnerability Description
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Apache Webserver | All versions |
| Typo3 | Typo3 | 4.0 |
Related Weaknesses (CWE)
References
- http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regar
- http://secunia.com/advisories/30619Vendor Advisory
- http://secunia.com/advisories/30660Vendor Advisory
- http://securityreason.com/securityalert/3945
- http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
- http://www.debian.org/security/2008/dsa-1596
- http://www.securityfocus.com/archive/1/493270/100/0/threaded
- http://www.securityfocus.com/bid/29657
- http://www.vupen.com/english/advisories/2008/1802
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42988
- http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regar
- http://secunia.com/advisories/30619Vendor Advisory
- http://secunia.com/advisories/30660Vendor Advisory
- http://securityreason.com/securityalert/3945
- http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
FAQ
What is CVE-2008-2717?
CVE-2008-2717 is a vulnerability with a CVSS score of 6.5 (MEDIUM). TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictio...
How severe is CVE-2008-2717?
CVE-2008-2717 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2717?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Apache Webserver, Typo3 Typo3.