Vulnonym.org

CVE-2008-2717 - Mincing Japanese Chin

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1 uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

Reference

http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
http://www.debian.org/security/2008/dsa-1596
http://secunia.com/advisories/30619
http://secunia.com/advisories/30660
http://securityreason.com/securityalert/3945
http://www.securityfocus.com/bid/29657
http://www.vupen.com/english/advisories/2008/1802
https://exchange.xforce.ibmcloud.com/vulnerabilities/42988
http://www.securityfocus.com/archive/1/493270/100/0/threaded