In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match ‘$’ to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

References

bugzilla.redhat.com/show_bug.cgi?id=1560614

httpd.apache.org/security/vulnerabilities_24.html

ibm 20

checkpoint_advisories 1

f5 1

alpinelinux 1

nuclei 1

veracode 4

nessus 34

cve 1

prion 1

ubuntucve 1

debiancve 1

osv 2

httpd 1

openvas 17

attackerkb 1

debian 2

ubuntu 2

suse 2

fedora 3

oraclelinux 1

redhat 4

centos 1

altlinux 3

archlinux 1

kaspersky 1

freebsd 1

amazon 1

mageia 1

symantec 1

photon 2

ibm

Security Bulletin: Vulnerability in HTTPD affects IBM Integrated Analytics System

2020-11-12 06:06:56

Security Bulletin: Multiple vulnerabilities have been identified in IBM HTTP Server shipped with IBM Tivoli Security Policy Manager (CVE-2018-1301, CVE-2017-15715, CVE-2017-15710)

2018-06-16 22:06:30

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Tivoli Federated Identity Manager and IBM Tivoli Federated Identity Manager Business Gateway

2018-06-16 22:06:23

checkpoint_advisories

Apache httpd FilesMatch Directive Security Restriction Bypass (CVE-2017-15715)

2018-05-30 00:00:00

K27757011 : Apache HTTPD vulnerability CVE-2017-15715

2018-04-05 00:00:00

alpinelinux

CVE-2017-15715

2018-03-26 15:29:00

nuclei

Apache httpd <=2.4.29 - Arbitrary File Upload

2021-04-23 13:34:52

veracode

Privilege Escalation

2019-05-16 03:21:40

Denial Of Service

2019-05-16 03:38:52

Path Traversal

2019-05-16 03:38:52

nessus

EulerOS Virtualization 3.0.1.0 : httpd (EulerOS-SA-2019-1560)

2019-05-20 00:00:00

IBM HTTP Server 7.0.0.0 <= 7.0.0.43 / 8.0.0.0 <= 8.0.0.14 / 8.5.0.0 < 8.5.5.14 / 9.0.0.0 < 9.0.0.8 Multiple Vulnerabilities (569295)

2021-01-06 00:00:00

EulerOS 2.0 SP2 : httpd (EulerOS-SA-2018-1152)

2018-05-29 00:00:00

cve

CVE-2017-15715

2018-03-26 15:29:00

prion

Code injection

2018-03-26 15:29:00

ubuntucve

CVE-2017-15715

2018-03-26 00:00:00

debiancve

CVE-2017-15715

2018-03-26 15:29:00

osv

CVE-2017-15715

2018-03-26 15:29:00

apache2 - security update

2018-04-03 00:00:00

httpd

Apache Httpd < 2.4.33 : <FilesMatch> bypass with a trailing newline in the file name

2017-11-24 00:00:00

openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2019-1560)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2018-1151)

2020-01-23 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2018-1152)

2020-01-23 00:00:00

attackerkb

CVE-2017-15715

2018-03-26 00:00:00

debian

[SECURITY] [DSA 4164-1] apache2 security update

2018-04-03 16:02:15

[SECURITY] [DSA 4164-1] apache2 security update

2018-04-03 16:02:15

ubuntu

Apache HTTP Server vulnerabilities

2018-04-30 00:00:00

Apache HTTP Server vulnerabilities

2018-04-19 00:00:00

suse

Security update for apache2 (important)

2018-04-09 03:07:20

Security update for apache2 (important)

2018-04-05 21:09:45

fedora

[SECURITY] Fedora 27 Update: httpd-2.4.33-2.fc27

2018-04-05 23:59:00

[SECURITY] Fedora 28 Update: httpd-2.4.33-2.fc28

2018-04-05 11:50:14

[SECURITY] Fedora 26 Update: httpd-2.4.33-4.fc26

2018-05-12 18:27:28

oraclelinux

httpd security, bug fix, and enhancement update

2020-10-06 00:00:00

redhat

(RHSA-2020:3958) Moderate: httpd security, bug fix, and enhancement update

2020-09-29 07:46:42

(RHSA-2019:0367) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2019-02-18 16:47:10

(RHSA-2019:0366) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1 security update

2019-02-18 16:45:31

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2020-10-20 18:13:33

altlinux

Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1

2018-03-31 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.33-alt1

2018-03-31 00:00:00

Security fix for the ALT Linux 8 package apache2 version 1:2.4.33-alt1

2018-03-31 00:00:00

archlinux

[ASA-201804-4] apache: multiple issues

2018-04-04 00:00:00

kaspersky

KLA12361 Multiple vulnerabilities in Apache HTTP Server

2018-03-21 00:00:00

freebsd

apache -- multiple vulnerabilities

2018-03-23 00:00:00

amazon

Medium: httpd24

2018-05-03 16:29:00

mageia

Updated apache packages fix security vulnerabilities

2018-11-20 14:11:24

symantec

Apache HTTP Server Vulnerabilities Jul 2017 - Sep 2018

2018-11-07 08:01:01

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0126

2018-04-24 00:00:00

Critical Photon OS Security Update - PHSA-2018-0126

2018-04-24 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for RH:CVE-2017-15715