TYPO3 4.0.x prior to 4.0.9, 4.1.x prior to 4.1.7, and 4.2.x prior to 4.2.1, uses an insufficiently restrictive default fileDenyPattern for Apache, which allows remote malicious users to bypass security restrictions and upload configuration files such as .htaccess, or conduct file upload attacks using multiple extensions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 4.0.2 |
||
typo3 typo3 4.0.3 |
||
typo3 typo3 4.0.4 |
||
typo3 typo3 4.1.2 |
||
typo3 typo3 4.1.3 |
||
typo3 typo3 4.0.5 |
||
typo3 typo3 4.0.6 |
||
typo3 typo3 4.1.4 |
||
typo3 typo3 4.1.5 |
||
apache apache webserver |
||
typo3 typo3 4.0.7 |
||
typo3 typo3 4.0.8 |
||
typo3 typo3 4.1.6 |
||
typo3 typo3 4.2 |
||
typo3 typo3 4.0 |
||
typo3 typo3 4.0.1 |
||
typo3 typo3 4.1 |
||
typo3 typo3 4.1.1 |