CVE-2017-15715

HIGH · EXPLOITED IN THE WILD · NUCLEI

Apache httpd <=2.4.29 - Arbitrary File Upload

Title source: nuclei

Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.

Exploits (1)

nomisec STUB
by whisp1830 · poc
https://github.com/whisp1830/CVE-2017-15715

Nuclei Templates (1)

Apache httpd <=2.4.29 - Arbitrary File Upload
HIGH · by geeknik
Shodan: cpe:"cpe:2.3:a:apache:http_server" || apache 2.4.49

Scores

CVSS v3 8.1
EPSS 0.9410
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2022-02-22
InTheWild.io 2022-02-22
CWE
CWE-20
Status published
Products (16)
apache/http_server 2.4.0 - 2.4.29
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 17.10
canonical/ubuntu_linux 18.04
debian/debian_linux 8.0
debian/debian_linux 9.0
netapp/clustered_data_ontap
netapp/santricity_cloud_connector
netapp/storage_automation_store
... and 6 more
Published Mar 26, 2018
Tracked Since Feb 18, 2026