CVE-2008-2717: TYPO3 Unrestricted File Upload vulnerability
(updated )
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
References
- buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
- typo3.org/teams/security/security-bulletins/typo3-20080611-1/
- www.debian.org/security/2008/dsa-1596
- exchange.xforce.ibmcloud.com/vulnerabilities/42988
- github.com/advisories/GHSA-f35p-hcwf-9f9f
- nvd.nist.gov/vuln/detail/CVE-2008-2717
- web.archive.org/web/20080815050856/http://securityreason.com/securityalert/3945
- web.archive.org/web/20081201212626/http://secunia.com/advisories/30619
- web.archive.org/web/20081206030529/http://secunia.com/advisories/30660
- web.archive.org/web/20200228131005/http://www.securityfocus.com/bid/29657
- web.archive.org/web/20201208012148/http://www.securityfocus.com/archive/1/493270/100/0/threaded
Code Behaviors & Features
Detect and mitigate CVE-2008-2717 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →