CVE-2017-15715

Опубликовано: 26 мар. 2018

Источник: ubuntu

Приоритет: low

CVSS2: 6.8

CVSS3: 8.1

Описание

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

Релиз	Статус	Примечание
artful	released	2.4.27-2ubuntu4.1
bionic	released	2.4.29-1ubuntu4.1
devel	released	2.4.29-1ubuntu4.1
esm-infra-legacy/trusty	released	2.4.7-1ubuntu4.20
esm-infra/bionic	released	2.4.29-1ubuntu4.1
esm-infra/xenial	released	2.4.18-2ubuntu3.8
precise/esm	not-affected
trusty	released	2.4.7-1ubuntu4.20
trusty/esm	released	2.4.7-1ubuntu4.20
upstream	released	2.4.30

Показывать по

Ссылки на источники

6.8 Medium

CVSS2

8.1 High

CVSS3

Связанные уязвимости

CVE-2017-15715

CVSS3: 3.7

redhat

больше 7 лет назад

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

CVE-2017-15715

CVSS3: 8.1

nvd

больше 7 лет назад

CVE-2017-15715

CVSS3: 8.1

debian

больше 7 лет назад

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMat ...

GHSA-p3h3-wpw6-m7vf

CVSS3: 8.1

github

больше 3 лет назад

BDU:2019-04106

CVSS3: 7.3

fstec

больше 7 лет назад

Уязвимость компонента <FilesMatch> веб-сервера Apache HTTP Server, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

6.8 Medium

CVSS2

8.1 High

CVSS3

CVE-2017-15715

Описание

Пакет apache2

Ссылки на источники

Связанные уязвимости