Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Remediation

References

CVE-2008-2717

Related Vulnerabilities

WordPress Plugin Bannerlid Cross-Site Scripting (1.1.0)

Apache Tomcat Other Vulnerability (CVE-2023-45648)

WordPress Plugin Contact Form by BestWebSoft Cross-Site Scripting (3.81)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-7724)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1855)

Severity

Medium

Classification

CVE-2008-2717 CWE-264

Tags

Missing Update Known Vulnerabilities