CVE-2008-2717

N/A Unknown
Published: June 16, 2008 Modified: April 23, 2026
View on NVD

Description

TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
Source: cve@mitre.org
http://secunia.com/advisories/30619
Source: cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/30660
Source: cve@mitre.org
Vendor Advisory
http://securityreason.com/securityalert/3945
Source: cve@mitre.org
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
Source: cve@mitre.org
http://www.debian.org/security/2008/dsa-1596
Source: cve@mitre.org
http://www.securityfocus.com/archive/1/493270/100/0/threaded
Source: cve@mitre.org
http://www.securityfocus.com/bid/29657
Source: cve@mitre.org
http://www.vupen.com/english/advisories/2008/1802
Source: cve@mitre.org
https://exchange.xforce.ibmcloud.com/vulnerabilities/42988
Source: cve@mitre.org
http://buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/30619
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/30660
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securityreason.com/securityalert/3945
Source: af854a3a-2127-422b-91ae-364da2661108
http://typo3.org/teams/security/security-bulletins/typo3-20080611-1/
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2008/dsa-1596
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/493270/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/29657
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2008/1802
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/42988
Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.2%
44th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-264

Affected Vendors

apache typo3

Related CVEs

CVE-2026-42615 7.2
CVE-2026-23773 4.3
CVE-2026-40560 N/A
CVE-2026-7363 N/A
CVE-2026-7361 N/A