Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Remediation

References

CVE-2008-2717

Related Vulnerabilities

WordPress Improper Input Validation Vulnerability (CVE-2018-1000773)

WordPress Plugin Sliding Social Icons Cross-Site Request Forgery (1.61)

WordPress Plugin User Submitted Posts Cross-Site Scripting (20151113)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0203)

IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2017-1701)

Severity

Medium

Classification

CVE-2008-2717 CWE-264

Tags

Missing Update Known Vulnerabilities