Vulnerabilities related to apache - apache_webserver
Vulnerability from fkie_nvd
Published
2008-06-16 22:41
Modified
2025-04-09 00:30
Severity: MEDIUM (CVSS v2 base score 6.5, vector AV:N/AC:L/Au:S/C:P/I:P/A:P; single authentication required)
Summary
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
apache | apache_webserver | * | |
typo3 | typo3 | 4.0 | |
typo3 | typo3 | 4.0.1 | |
typo3 | typo3 | 4.0.2 | |
typo3 | typo3 | 4.0.3 | |
typo3 | typo3 | 4.0.4 | |
typo3 | typo3 | 4.0.5 | |
typo3 | typo3 | 4.0.6 | |
typo3 | typo3 | 4.0.7 | |
typo3 | typo3 | 4.0.8 | |
typo3 | typo3 | 4.1 | |
typo3 | typo3 | 4.1.1 | |
typo3 | typo3 | 4.1.2 | |
typo3 | typo3 | 4.1.3 | |
typo3 | typo3 | 4.1.4 | |
typo3 | typo3 | 4.1.5 | |
typo3 | typo3 | 4.1.6 | |
typo3 | typo3 | 4.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5DF97C8-A5E1-4091-A43D-B8F60E0313E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions." }, { "lang": "es", "value": "TYPO3 versiones 4.0.x anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.7, y versiones 4.2.x anteriores a 4.2.1, utiliza un fileDenyPattern predeterminado insuficientemente restrictivo para Apache, que permite a los atacantes remotos omitir las restricciones de seguridad y cargar archivos de configuraci\u00f3n como .htaccess, o conducir ataques de carga de archivos mediante varias extensiones." 
} ], "id": "CVE-2008-2717", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-06-16T22:41:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30619" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30660" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3945" }, { "source": "cve@mitre.org", "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1596" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29657" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1802" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/30619" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/30660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3945" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29657" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2008-2717 (GCVE-0-2008-2717)
Vulnerability from cvelistv5
Published
2008-06-16 22:00
Modified
2024-08-07 09:14
CWE
- n/a
Summary
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.521Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "29657", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29657" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/" }, { "name": "30619", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30619" }, { "name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded" }, { "name": "typo3-filename-file-upload(42988)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988" }, { "name": "DSA-1596", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1596" }, { "name": "ADV-2008-1802", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/1802" }, { "name": "30660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30660" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" }, { "name": "3945", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3945" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-06-11T00:00:00", "descriptions": [ { 
"lang": "en", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "29657", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29657" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/" }, { "name": "30619", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30619" }, { "name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded" }, { "name": "typo3-filename-file-upload(42988)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988" }, { "name": "DSA-1596", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1596" }, { "name": "ADV-2008-1802", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/1802" }, { "name": "30660", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30660" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" }, { "name": "3945", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": 
"http://securityreason.com/securityalert/3945" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2717", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "29657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29657" }, { "name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/", "refsource": "CONFIRM", "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/" }, { "name": "30619", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30619" }, { "name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded" }, { "name": "typo3-filename-file-upload(42988)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988" }, { "name": "DSA-1596", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1596" }, { "name": "ADV-2008-1802", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1802" }, { "name": "30660", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/30660" }, { "name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/", "refsource": "CONFIRM", "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/" }, { "name": "3945", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3945" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2717", "datePublished": "2008-06-16T22:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.521Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }