{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-06-11T00:00:00", "descriptions": [{"lang": "en", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29657", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29657"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"name": "30619", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30619"}, {"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"name": "typo3-filename-file-upload(42988)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}, {"name": "DSA-1596", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1596"}, {"name": "ADV-2008-1802", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"name": "30660", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30660"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"name": "3945", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3945"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2717", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29657", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29657"}, {"name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/", "refsource": "CONFIRM", "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"name": "30619", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30619"}, {"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"name": "typo3-filename-file-upload(42988)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}, {"name": "DSA-1596", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1596"}, {"name": "ADV-2008-1802", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"name": "30660", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30660"}, {"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/", "refsource": "CONFIRM", "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"name": "3945", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3945"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:14:14.521Z"}, "title": "CVE Program Container", "references": [{"name": "29657", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29657"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"name": "30619", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30619"}, {"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"name": "typo3-filename-file-upload(42988)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}, {"name": "DSA-1596", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1596"}, {"name": "ADV-2008-1802", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"name": "30660", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30660"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"name": "3945", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3945"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2717", "datePublished": "2008-06-16T22:00:00", "dateReserved": "2008-06-16T00:00:00", "dateUpdated": "2024-08-07T09:14:14.521Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5DF97C8-A5E1-4091-A43D-B8F60E0313E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2F271C6-B5A7-4B06-A3DF-4C7F74090CC8", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "884B4418-83A4-4BCB-8019-306285EB418E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."}, {"lang": "es", "value": "TYPO3 versiones 4.0.x anteriores a 4.0.9, versiones 4.1.x anteriores a 4.1.7, y versiones 4.2.x anteriores a 4.2.1, utiliza un fileDenyPattern predeterminado insuficientemente restrictivo para Apache, que permite a los atacantes remotos omitir las restricciones de seguridad y cargar archivos de configuraci\u00f3n como .htaccess, o conducir ataques de carga de archivos mediante varias extensiones."}], "id": "CVE-2008-2717", "lastModified": "2018-10-11T20:42:37.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-06-16T22:41:00.000", "references": [{"source": "cve@mitre.org", "url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30619"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30660"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3945"}, {"source": "cve@mitre.org", "url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1596"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29657"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1802"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}