6.5

CVE-2008-2717

EPSS 0.25%
Veröffentlicht 16.06.2008 22:41:00
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Apache Webserver

Typo3 ≫ Typo3 Version4.0

Typo3 ≫ Typo3 Version4.0.1

Typo3 ≫ Typo3 Version4.0.2

Typo3 ≫ Typo3 Version4.0.3

Typo3 ≫ Typo3 Version4.0.4

Typo3 ≫ Typo3 Version4.0.5

Typo3 ≫ Typo3 Version4.0.6

Typo3 ≫ Typo3 Version4.0.7

Typo3 ≫ Typo3 Version4.0.8

Typo3 ≫ Typo3 Version4.1

Typo3 ≫ Typo3 Version4.1.1

Typo3 ≫ Typo3 Version4.1.2

Typo3 ≫ Typo3 Version4.1.3

Typo3 ≫ Typo3 Version4.1.4

Typo3 ≫ Typo3 Version4.1.5

Typo3 ≫ Typo3 Version4.1.6

Typo3 ≫ Typo3 Version4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.482

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/

http://secunia.com/advisories/30619

Vendor Advisory

http://secunia.com/advisories/30660

Vendor Advisory

http://securityreason.com/securityalert/3945

http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/

http://www.debian.org/security/2008/dsa-1596

http://www.securityfocus.com/archive/1/493270/100/0/threaded

http://www.securityfocus.com/bid/29657

http://www.vupen.com/english/advisories/2008/1802

https://exchange.xforce.ibmcloud.com/vulnerabilities/42988

https://nvd.nist.gov/vuln/detail/CVE-2008-2717

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-2717

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-2717

EUVD