Описание
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | 4.2.1-1 |
| feisty | ignored | end of life, was needs-triage |
| gutsy | ignored | end of life, was needs-triage |
| hardy | ignored | end of life |
| intrepid | not-affected | 4.2.1-1 |
| jaunty | not-affected | 4.2.1-1 |
| karmic | not-affected | 4.2.1-1 |
| lucid | not-affected | 4.2.1-1 |
| maverick | not-affected | 4.2.1-1 |
Показывать по
Ссылки на источники
EPSS
6.5 Medium
CVSS2
Связанные уязвимости
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...
EPSS
6.5 Medium
CVSS2