CVE-2008-2717

Опубликовано: 16 июн. 2008

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00249

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2008-2717

ubuntu

больше 17 лет назад

CVE-2008-2717

debian

больше 17 лет назад

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...

GHSA-f35p-hcwf-9f9f

github

больше 3 лет назад

TYPO3 Unrestricted File Upload vulnerability

EPSS

Процентиль: 48%

0.00249

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264