CVE-2017-15715

high

Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

References

https://httpd.apache.org/security/vulnerabilities_24.html

http://www.openwall.com/lists/oss-security/2018/03/24/6

http://www.securitytracker.com/id/1040570

http://www.securityfocus.com/bid/103525

https://www.debian.org/security/2018/dsa-4164

https://usn.ubuntu.com/3627-1/

https://usn.ubuntu.com/3627-2/

https://security.netapp.com/advisory/ntap-20180601-0004/

https://access.redhat.com/errata/RHSA-2018:3558

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us

https://access.redhat.com/errata/RHSA-2019:0367

https://access.redhat.com/errata/RHSA-2019:0366

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html

https://www.tenable.com/security/tns-2019-09

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2018-03-26

Updated: 2021-06-06

Type: CWE-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH