6.5

CVE-2008-2717

EPSS 0.25%
Published 16.06.2008 22:41:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Affected products Warnungen 0 Metrics 2 CWE 0 References 13

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Apache Webserver

Typo3 ≫ Typo3 Version4.0

Typo3 ≫ Typo3 Version4.0.1

Typo3 ≫ Typo3 Version4.0.2

Typo3 ≫ Typo3 Version4.0.3

Typo3 ≫ Typo3 Version4.0.4

Typo3 ≫ Typo3 Version4.0.5

Typo3 ≫ Typo3 Version4.0.6

Typo3 ≫ Typo3 Version4.0.7

Typo3 ≫ Typo3 Version4.0.8

Typo3 ≫ Typo3 Version4.1

Typo3 ≫ Typo3 Version4.1.1

Typo3 ≫ Typo3 Version4.1.2

Typo3 ≫ Typo3 Version4.1.3

Typo3 ≫ Typo3 Version4.1.4

Typo3 ≫ Typo3 Version4.1.5

Typo3 ≫ Typo3 Version4.1.6

Typo3 ≫ Typo3 Version4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.482

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

http://secunia.com/advisories/30619

Vendor Advisory

http://secunia.com/advisories/30660

Vendor Advisory

http://securityreason.com/securityalert/3945

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

http://www.debian.org/security/2008/dsa-1596

http://www.securityfocus.com/archive/1/493270/100/0/threaded

http://www.securityfocus.com/bid/29657

http://www.vupen.com/english/advisories/2008/1802

https://exchange.xforce.ibmcloud.com/vulnerabilities/42988

https://nvd.nist.gov/vuln/detail/CVE-2008-2717

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2717

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2717

EUVD