3 matches found
httpd: <FilesMatch> bypass with a trailing newline in the file name
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.33-alt1
March 31, 2018 Anton Farygin 1:2.4.33-alt1 - 2.4.33 - fixes: CVE-2018-1303 low: Possible out of bound read in modcachesocache CVE-2018-1302 low: Possible write of after free on HTTP/2 stream shutdown CVE-2018-1301 low: Possible out of bound access after failure in reading the HTTP request...
UBUNTU-CVE-2017-15715
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...