CVE-2008-2717

NameCVE-2008-2717
DescriptionTYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1596-1
NVD severitymedium (attack range: remote)
Debian Bugs485814

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
typo3-srcsource(unstable)4.1.7-1medium485814
typo3-srcsourceetch4.0.2+debian-5mediumDSA-1596-1

Search for package or bug name: Reporting problems