DEBIAN-CVE-2017-15715

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2017-15715

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2017-15715.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2017-15715

Upstream

CVE-2017-15715

Published

2018-03-26T15:29:00Z

Modified

2025-09-19T06:24:10Z

Summary

[none]

Details

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

References

https://security-tracker.debian.org/tracker/CVE-2017-15715

Affected packages

Debian:11 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.33-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}