Moderate severityNVD Advisory· Published Jun 16, 2008· Updated Jun 16, 2026
CVE-2008-2717
CVE-2008-2717
Description
TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote attackers to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cms-corePackagist | >= 4.0.0, < 4.0.9 | 4.0.9 |
typo3/cms-corePackagist | >= 4.1.0, < 4.1.7 | 4.1.7 |
typo3/cms-corePackagist | >= 4.2.0, < 4.2.1 | 4.2.1 |
Affected products
19- cpe:2.3:a:apache:apache_webserver:*:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*+ 16 more
- cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
19- secunia.com/advisories/30619nvdVendor Advisory
- secunia.com/advisories/30660nvdVendor Advisory
- github.com/advisories/GHSA-f35p-hcwf-9f9fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-2717ghsaADVISORY
- buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypatternghsaWEB
- typo3.org/teams/security/security-bulletins/typo3-20080611-1ghsaWEB
- www.debian.org/security/2008/dsa-1596nvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/42988nvdWEB
- web.archive.org/web/20080815050856/http://securityreason.com/securityalert/3945ghsaWEB
- web.archive.org/web/20081201212626/http://secunia.com/advisories/30619ghsaWEB
- web.archive.org/web/20081206030529/http://secunia.com/advisories/30660ghsaWEB
- web.archive.org/web/20200228131005/http://www.securityfocus.com/bid/29657ghsaWEB
- web.archive.org/web/20201208012148/http://www.securityfocus.com/archive/1/493270/100/0/threadedghsaWEB
- buzz.typo3.org/teams/security/article/advice-on-core-security-issue-regarding-filedenypattern/nvd
- securityreason.com/securityalert/3945nvd
- typo3.org/teams/security/security-bulletins/typo3-20080611-1/nvd
- www.securityfocus.com/archive/1/493270/100/0/threadednvd
- www.securityfocus.com/bid/29657nvd
- www.vupen.com/english/advisories/2008/1802nvd
News mentions
0No linked articles in our index yet.