CVE-2017-15715
Description
In Apache httpd 2.4.0 to 2.4.29, the expression specified in `<FilesMatch>` could match `$` to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
Risk Information
Base Score
8.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
94.023
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache to version 2.4.33 | Windows |
| Multiple vulnerabilities are fixed in Apache 2.4.33 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.2.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Tivoli Monitoring 6.3.0 | Windows |
| Apache HTTP server (USN-3425-1) apache2-bin_2.4.18-2ubuntu3.8_amd64.deb | Linux |
| Apache HTTP server (USN-3425-1) apache2-bin_2.4.18-2ubuntu3.8_i386.deb | Linux |
| Apache HTTP server (USN-3370-1) apache2-bin_2.4.18-2ubuntu3.8_amd64.deb | Linux |
| Apache HTTP server (USN-3370-1) apache2-bin_2.4.18-2ubuntu3.8_i386.deb | Linux |
| Apache HTTP server (USN-3627-1) apache2-bin_2.4.18-2ubuntu3.8_i386.deb | Linux |
| Apache HTTP server (USN-3627-1) apache2-bin_2.4.18-2ubuntu3.8_amd64.deb | Linux |
| Apache HTTP server (USN-3627-1) apache2-bin_2.4.7-1ubuntu4.20_i386.deb | Linux |
| Apache HTTP server (USN-3627-1) apache2-bin_2.4.7-1ubuntu4.20_amd64.deb | Linux |
| Apache HTTP server (USN-3627-2) apache2-bin_2.4.29-1ubuntu4.1_i386.deb | Linux |
| Apache HTTP server (USN-3627-2) apache2-bin_2.4.29-1ubuntu4.1_amd64.deb | Linux |
| apache2 security update (DSA-4164-1) apache2_2.4.25-3+deb9u4_i386.deb | Linux |
| apache2 security update (DSA-4164-1) apache2_2.4.25-3+deb9u4_amd64.deb | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update httpd-2.4.6-95.el7.x86_64.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update httpd-devel-2.4.6-95.el7.x86_64.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update httpd-manual-2.4.6-95.el7.noarch.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update httpd-tools-2.4.6-95.el7.x86_64.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update mod_ldap-2.4.6-95.el7.x86_64.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update mod_proxy_html-2.4.6-95.el7.x86_64.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update mod_session-2.4.6-95.el7.x86_64.rpm | Linux |
| (RHSA-2020:3958) httpd security, bug fix, and enhancement update mod_ssl-2.4.6-95.el7.x86_64.rpm | Linux |
| Update Apache to version 2.4.33 (For Linux) | Linux |
| Improper Input Validation Vulnerability (CVE-2017-15715) | NCM |
Patch Details
No records found