CVE-2008-2717
Published Jun 16, 2008
Last updated 6 years ago
Overview
- Description
- TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-264
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5DF97C8-A5E1-4091-A43D-B8F60E0313E4"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4"
},
{
"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E"
}
],
"operator": "OR"
}
]
}
]