UBUNTU-CVE-2017-15715
- Source
- https://ubuntu.com/security/CVE-2017-15715
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-15715.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-15715
- Related
- Published
- 2018-03-26T00:00:00Z
- Modified
- 2025-01-13T10:21:27Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
- References
Affected packages
Ubuntu:14.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.20?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.7-1ubuntu4.20
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
Ecosystem specific
{
"ubuntu_priority": "low",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-bin-dbgsym",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-dbg",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-dev",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-doc",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-mpm-event",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-mpm-itk",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-mpm-prefork",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-mpm-worker",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec-custom-dbgsym",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-suexec-pristine-dbgsym",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2-utils-dbgsym",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "apache2.2-bin",
"binary_version": "2.4.7-1ubuntu4.20"
},
{
"binary_name": "libapache2-mod-macro",
"binary_version": "1:2.4.7-1ubuntu4.20"
},
{
"binary_name": "libapache2-mod-proxy-html",
"binary_version": "1:2.4.7-1ubuntu4.20"
}
],
"availability": "No subscription required"
}
Ubuntu:16.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.8?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.18-2ubuntu3.8
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
Ecosystem specific
{
"ubuntu_priority": "low",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-bin-dbgsym",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-dbg",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-dbgsym",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-dev",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-dev-dbgsym",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-doc",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-suexec-custom-dbgsym",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-suexec-pristine-dbgsym",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.18-2ubuntu3.8"
},
{
"binary_name": "apache2-utils-dbgsym",
"binary_version": "2.4.18-2ubuntu3.8"
}
],
"availability": "No subscription required"
}
Ubuntu:18.04:LTS / apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.1?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.4.29-1ubuntu4.1
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
Ecosystem specific
{
"ubuntu_priority": "low",
"binaries": [
{
"binary_name": "apache2",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-bin",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-data",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-dbg",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-dev",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-doc",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-ssl-dev",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-custom",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-suexec-pristine",
"binary_version": "2.4.29-1ubuntu4.1"
},
{
"binary_name": "apache2-utils",
"binary_version": "2.4.29-1ubuntu4.1"
}
],
"availability": "No subscription required"
}