CVE-2017-15715

MEDIUM

Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

References

http://www.openwall.com/lists/oss-security/2018/03/24/6

http://www.securityfocus.com/bid/103525

http://www.securitytracker.com/id/1040570

https://access.redhat.com/errata/RHSA-2018:3558

https://access.redhat.com/errata/RHSA-2019:0366

https://access.redhat.com/errata/RHSA-2019:0367

https://httpd.apache.org/security/vulnerabilities_24.html

https://security.netapp.com/advisory/ntap-20180601-0004/

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us

https://usn.ubuntu.com/3627-1/

https://usn.ubuntu.com/3627-2/

https://www.debian.org/security/2018/dsa-4164

Details

Source: MITRE

Published: 2018-03-26

Updated: 2019-04-22

Type: CWE-20

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

ID	Name	Product	Family	Severity
125279	EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1560)	Nessus	Huawei Local Security Checks	medium
122292	RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 (RHSA-2019:0367)	Nessus	Red Hat Local Security Checks	medium
122060	Apache 2.4.x < 2.4.33 Multiple Vulnerabilities	Nessus	Web Servers	medium
121822	Photon OS 1.0: Httpd PHSA-2018-1.0-0126	Nessus	PhotonOS Local Security Checks	high
121275	EulerOS Virtualization 2.5.1 : httpd (EulerOS-SA-2019-1015)	Nessus	Huawei Local Security Checks	medium
98914	Apache 2.4.x < 2.4.33 Multiple Vulnerabilities	Web Application Scanning	Component Vulnerability	medium
120484	Fedora 28 : httpd (2018-6744ca470d)	Nessus	Fedora Local Security Checks	medium
118251	SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:1161-2)	Nessus	SuSE Local Security Checks	medium
111930	Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)	Nessus	PhotonOS Local Security Checks	high
110877	EulerOS 2.0 SP3 : httpd (EulerOS-SA-2018-1213)	Nessus	Huawei Local Security Checks	medium
110156	EulerOS 2.0 SP2 : httpd (EulerOS-SA-2018-1152)	Nessus	Huawei Local Security Checks	medium
110155	EulerOS 2.0 SP1 : httpd (EulerOS-SA-2018-1151)	Nessus	Huawei Local Security Checks	medium
109745	Fedora 26 : httpd (2018-e6d9251471)	Nessus	Fedora Local Security Checks	medium
109664	openSUSE Security Update : apache2 (openSUSE-2018-438)	Nessus	SuSE Local Security Checks	medium
109598	SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:1161-1)	Nessus	SuSE Local Security Checks	medium
109555	Amazon Linux AMI : httpd24 (ALAS-2018-1004)	Nessus	Amazon Linux Local Security Checks	medium
109466	Ubuntu 18.04 LTS : apache2 vulnerabilities (USN-3627-2)	Nessus	Ubuntu Local Security Checks	medium
109199	Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : apache2 vulnerabilities (USN-3627-1)	Nessus	Ubuntu Local Security Checks	medium
108945	SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:0901-1)	Nessus	SuSE Local Security Checks	medium
108876	SUSE SLES12 Security Update : apache2 (SUSE-SU-2018:0879-1)	Nessus	SuSE Local Security Checks	medium
108856	Fedora 27 : httpd (2018-375e3244b6)	Nessus	Fedora Local Security Checks	medium
108816	Debian DSA-4164-1 : apache2 - security update	Nessus	Debian Local Security Checks	medium
108758	Apache 2.4.x < 2.4.33 Multiple Vulnerabilities	Nessus	Web Servers	medium
108626	FreeBSD : apache -- multiple vulnerabilities (f38187e7-2f6e-11e8-8f07-b499baebfeaf)	Nessus	FreeBSD Local Security Checks	medium