Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-15715

Опубликовано: 26 мар. 2018
Источник: ubuntu
Приоритет: low
EPSS Критический
CVSS2: 6.8
CVSS3: 8.1

Описание

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

РелизСтатусПримечание
artful

released

2.4.27-2ubuntu4.1
bionic

released

2.4.29-1ubuntu4.1
devel

released

2.4.29-1ubuntu4.1
esm-infra-legacy/trusty

released

2.4.7-1ubuntu4.20
esm-infra/bionic

released

2.4.29-1ubuntu4.1
esm-infra/xenial

released

2.4.18-2ubuntu3.8
precise/esm

not-affected

trusty

released

2.4.7-1ubuntu4.20
trusty/esm

released

2.4.7-1ubuntu4.20
upstream

released

2.4.30

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%
0.94103
Критический

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2017-15715

CVSS3: 3.7
redhat
около 8 лет назад

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

nvd логотип

CVE-2017-15715

CVSS3: 8.1
nvd
около 8 лет назад

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

debian логотип

CVE-2017-15715

CVSS3: 8.1
debian
около 8 лет назад

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMat ...

github логотип

GHSA-p3h3-wpw6-m7vf

CVSS3: 8.1
github
почти 4 года назад

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

fstec логотип

BDU:2019-04106

CVSS3: 7.3
fstec
около 8 лет назад

Уязвимость компонента <FilesMatch> веб-сервера Apache HTTP Server, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 100%
0.94103
Критический

6.8 Medium

CVSS2

8.1 High

CVSS3