PublicDate: 2008-06-16 22:41:00 UTC
Candidate: CVE-2008-2717
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2717
Description:
 TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses
 an insufficiently restrictive default fileDenyPattern for Apache, which
 allows remote attackers to bypass security restrictions and upload
 configuration files such as .htaccess, or conduct file upload attacks using
 multiple extensions.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_typo3-src:
upstream_typo3-src: released (4.1.7-1)
dapper_typo3-src: ignored (reached end-of-life)
feisty_typo3-src: needs-triage (reached end-of-life)
gutsy_typo3-src: needs-triage (reached end-of-life)
hardy_typo3-src: ignored (reached end-of-life)
intrepid_typo3-src: not-affected (4.2.1-1)
jaunty_typo3-src: not-affected (4.2.1-1)
karmic_typo3-src: not-affected (4.2.1-1)
lucid_typo3-src: not-affected (4.2.1-1)
maverick_typo3-src: not-affected (4.2.1-1)
natty_typo3-src: not-affected (4.2.1-1)
oneiric_typo3-src: not-affected (4.2.1-1)
devel_typo3-src: not-affected (4.2.1-1)