Show plain JSON{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29657", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29657"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"name": "30619", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30619"}, {"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"name": "typo3-filename-file-upload(42988)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}, {"name": "DSA-1596", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1596"}, {"name": "ADV-2008-1802", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"name": "30660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30660"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"name": "3945", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3945"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2717", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29657"}, {"name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/", "refsource": "CONFIRM", "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"name": "30619", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30619"}, {"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"name": "typo3-filename-file-upload(42988)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}, {"name": "DSA-1596", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1596"}, {"name": "ADV-2008-1802", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"name": "30660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30660"}, {"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/", "refsource": "CONFIRM", "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"name": "3945", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3945"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.521Z"}, "title": "CVE Program Container", "references": [{"name": "29657", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29657"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"name": "30619", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30619"}, {"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"name": "typo3-filename-file-upload(42988)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}, {"name": "DSA-1596", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1596"}, {"name": "ADV-2008-1802", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"name": "30660", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30660"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"name": "3945", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3945"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2717", "datePublished": "2008-06-16T22:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.521Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}