Search criteria
2 vulnerabilities found for apache_webserver by apache
CVE-2008-2717 (GCVE-0-2008-2717)
Vulnerability from nvd – Published: 2008-06-16 22:00 – Updated: 2024-08-07 09:14
VLAI
Summary
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29657 | vdb-entryx_refsource_BID |
| http://buzz.typo3.org/teams/security/article/advi… | x_refsource_CONFIRM |
| http://secunia.com/advisories/30619 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/493270/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2008/dsa-1596 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2008/1802 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/30660 | third-party-advisoryx_refsource_SECUNIA |
| http://typo3.org/teams/security/security-bulletin… | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/3945 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/",
"refsource": "CONFIRM",
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30660"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2717",
"datePublished": "2008-06-16T22:00:00.000Z",
"dateReserved": "2008-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:14:14.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2717 (GCVE-0-2008-2717)
Vulnerability from cvelistv5 – Published: 2008-06-16 22:00 – Updated: 2024-08-07 09:14
VLAI
Summary
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/29657 | vdb-entryx_refsource_BID |
| http://buzz.typo3.org/teams/security/article/advi… | x_refsource_CONFIRM |
| http://secunia.com/advisories/30619 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/493270/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.debian.org/security/2008/dsa-1596 | vendor-advisoryx_refsource_DEBIAN |
| http://www.vupen.com/english/advisories/2008/1802 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/30660 | third-party-advisoryx_refsource_SECUNIA |
| http://typo3.org/teams/security/security-bulletin… | x_refsource_CONFIRM |
| http://securityreason.com/securityalert/3945 | third-party-advisoryx_refsource_SREASON |
Date Public
2008-06-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "29657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30660"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3945"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29657"
},
{
"name": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/",
"refsource": "CONFIRM",
"url": "http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/"
},
{
"name": "30619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30619"
},
{
"name": "20080611 TYPO3 Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/493270/100/0/threaded"
},
{
"name": "typo3-filename-file-upload(42988)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42988"
},
{
"name": "DSA-1596",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1596"
},
{
"name": "ADV-2008-1802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1802"
},
{
"name": "30660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30660"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/"
},
{
"name": "3945",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3945"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2717",
"datePublished": "2008-06-16T22:00:00.000Z",
"dateReserved": "2008-06-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:14:14.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}