| Vulnerability Name: | CVE-2010-3663 (CCN-60781) | ||||||||||||
| Assigned: | 2010-07-28 | ||||||||||||
| Published: | 2010-07-28 | ||||||||||||
| Updated: | 2019-11-05 | ||||||||||||
| Summary: | TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend. | ||||||||||||
| CVSS v3 Severity: | 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
| ||||||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
4.4 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||
| Vulnerability Type: | CWE-434 | ||||||||||||
| Vulnerability Consequences: | Gain Access | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2010-3663 Source: CCN Type: SA40742 TYPO3 Multiple Vulnerabilities Source: CCN Type: TYPO3-SA-2010-012 Multiple vulnerabilities in TYPO3 Core Source: DEBIAN Type: DSA-2098 typo3-src -- several vulnerabilities Source: CCN Type: BID-42029 TYPO3 Core TYPO3-SA-2010-012 Multiple Remote Security Vulnerabilities Source: MISC Type: Mailing List, Third Party Advisory https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719 Source: XF Type: UNKNOWN typo3-filedenypattern-file-upload(60781) Source: MISC Type: Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2010-3663 Source: CONFIRM Type: Vendor Advisory https://typo3.org/security/advisory/typo3-sa-2010-012/#Arbitrary_Code_Execution | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||
| Oval Definitions | |||||||||||||
| |||||||||||||
| BACK | |||||||||||||