CVE-2008-2717
Published: 16 June 2008
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Priority
Status
Package | Release | Status |
---|---|---|
typo3-src Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
feisty |
Ignored
(end of life, was needs-triage)
|
|
gutsy |
Ignored
(end of life, was needs-triage)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Not vulnerable
(4.2.1-1)
|
|
jaunty |
Not vulnerable
(4.2.1-1)
|
|
karmic |
Not vulnerable
(4.2.1-1)
|
|
lucid |
Not vulnerable
(4.2.1-1)
|
|
maverick |
Not vulnerable
(4.2.1-1)
|
|
natty |
Not vulnerable
(4.2.1-1)
|
|
oneiric |
Not vulnerable
(4.2.1-1)
|
|
upstream |
Released
(4.1.7-1)
|