Russian Vulnerability Scanner Database

Back to List

CVE-2017-15715

Scores

EPSS

0.941high94.1%
0%20%40%60%80%100%

Percentile: 94.1%

CVSS

3.7low3.x
0246810

CVSS Score: 3.7/10

All CVSS Scores

CVSS 3.x
3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

CVSS 2.0
6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match ‘$’ to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

astradebiannvdredhatubuntu

CWEs

CWE-20CWE-787

Related Vulnerabilities

BDU:2019-04106

Exploits

Exploit ID: CVE-2017-15715

Source: github-poc

URL: https://github.com/whisp1830/CVE-2017-15715

Vulnerable Software (49)

Type: Configuration

Product: apache2

Operating System: ubuntu artful 17.10

Trait: 
{  "fixed": "2.4.27-2ubuntu4.1"}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: ubuntu bionic 18.04

Trait: 
{  "fixed": "2.4.29-1ubuntu4.1"}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: ubuntu trusty 14.04

Trait: 
{  "fixed": "2.4.7-1ubuntu4.20"}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: ubuntu xenial 16.04

Trait: 
{  "fixed": "2.4.18-2ubuntu3.8"}

Source: ubuntu

Type: Configuration

Product: apache2

Operating System: astra 1.6.3

Trait: 
{  "unaffected": true}

Source: astra

Type: Configuration

Product: apache2

Operating System: debian

Trait: 
{  "fixed": "2.4.33-1"}

Source: debian

Type: Configuration

Product: apache2

Operating System: debian wheezy 7

Trait: 
{  "unaffected": true}

Source: debian

Type: Configuration

Product: httpd

Operating System: rhel 7

Trait: 
{  "fixed": "2.4.6-95.el7"}

Source: redhat

Type: Configuration

Product: httpd24-curl

Operating System: rhel

Trait: 
{  "fixed": "7.61.1-1.el6"}

Source: redhat

Type: Configuration

Product: httpd24-curl

Operating System: rhel

Trait: 
{  "fixed": "7.61.1-1.el7"}

Source: redhat

Type: Configuration

Product: httpd24-curl

Operating System: rhel

Trait: 
{  "fixed": "7.61.1-1.el7"}

Source: redhat

Type: Configuration

Product: httpd24-curl

Operating System: rhel

Trait: 
{  "fixed": "7.61.1-1.el7"}

Source: redhat

Type: Configuration

Product: httpd24-curl

Operating System: rhel

Trait: 
{  "fixed": "7.61.1-1.el7"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.34-7.el6"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.34-7.el7"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.34-7.el7"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.34-7.el7"}

Source: redhat

Type: Configuration

Product: httpd24-httpd

Operating System: rhel

Trait: 
{  "fixed": "2.4.34-7.el7"}

Source: redhat

Type: Configuration

Product: httpd24-nghttp2

Operating System: rhel

Trait: 
{  "fixed": "1.7.1-7.el7"}

Source: redhat

Type: Configuration

Product: httpd24-nghttp2

Operating System: rhel

Trait: 
{  "fixed": "1.7.1-7.el7"}

Source: redhat