CVE-2017-15715
Description
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
CWE
- (none)
Affected
- Apache Software Foundation / Apache HTTP Server — v=2.4.0 to 2.4.29 [affected]
CVSS
- (none)
References
- https://usn.ubuntu.com/3627-1/ vendor-advisory, x_refsource_UBUNTU
- https://www.debian.org/security/2018/dsa-4164 vendor-advisory, x_refsource_DEBIAN
- https://security.netapp.com/advisory/ntap-20180601-0004/ x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2018:3558 vendor-advisory, x_refsource_REDHAT
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us x_refsource_CONFIRM
- https://access.redhat.com/errata/RHSA-2019:0367 vendor-advisory, x_refsource_REDHAT
- https://usn.ubuntu.com/3627-2/ vendor-advisory, x_refsource_UBUNTU
- http://www.securityfocus.com/bid/103525 vdb-entry, x_refsource_BID
- http://www.securitytracker.com/id/1040570 vdb-entry, x_refsource_SECTRACK
- https://httpd.apache.org/security/vulnerabilities_24.html x_refsource_CONFIRM
- http://www.openwall.com/lists/oss-security/2018/03/24/6 mailing-list, x_refsource_MLIST
- https://access.redhat.com/errata/RHSA-2019:0366 vendor-advisory, x_refsource_REDHAT
- https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html x_refsource_MISC
- https://www.tenable.com/security/tns-2019-09 x_refsource_CONFIRM
- https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
- https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E mailing-list, x_refsource_MLIST
Source
cvelistV5-main/cves/2017/15xxx/CVE-2017-15715.json