Home CVE Database CVE-2017-15715

CVE-2017-15715

Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match \'$\' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

Priority: MEDIUM
CVSS v3: 8.1
Publish Date: Mar 26, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Mar 28, 2018

Find out more about CVE-2017-15715 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

apache

Live chat
Online