Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.5
CVE Id CVE-2008-2717
Last Modified 07 Mar 2011 10:09:39
Published 16 Jun 2008 06:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-2717

Summary

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Vulnerable Systems

Application

  • Apache Webserver

  • Typo3 4.0

  • Typo3 4.0.1

  • Typo3 4.0.2

  • Typo3 4.0.3

  • Typo3 4.0.4

  • Typo3 4.0.5

  • Typo3 4.0.6

  • Typo3 4.0.7

  • Typo3 4.0.8

  • Typo3 4.1

  • Typo3 4.1.1

  • Typo3 4.1.2

  • Typo3 4.1.3

  • Typo3 4.1.4

  • Typo3 4.1.5

  • Typo3 4.1.6

  • Typo3 4.2


References

XF - typo3-filename-file-upload(42988)

VUPEN - ADV-2008-1802

BID - 29657

BUGTRAQ - 20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

DEBIAN - DSA-1596

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

SREASON - 3945

SECUNIA - 30660

SECUNIA - 30619

CONFIRM - http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/


Last Updated: 27 May 2016 10:47:57