CVE-2008-2717

medium

Apache

CVSS v3 Base Score

6.5

AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Score

0.2%

Exploitation probability in 30 days

Top 56% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: June 16, 2008 (6540 days ago)

Last Modified: April 23, 2026

Vendor: Apache

Source: NVD

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

CWE

CWE-264

Affected Products

apache apache webservertypo3 typo3

References

🔗 buzz.typo3.org 🔗 secunia.com 🔗 secunia.com 🔗 securityreason.com 🔗 typo3.org

CVE-2008-2717

Vulnerability Report

Description

CWE

Affected Products

References