CVE-2008-2717

2008-06-16T22:41:00
ID CVE-2008-2717
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:42:00

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.