UBUNTU-CVE-2017-15715

See a problem?

Source

https://ubuntu.com/security/notices/UBUNTU-CVE-2017-15715

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-15715.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2017-15715

Related

Published

2018-03-26T00:00:00Z

Modified

2018-03-26T00:00:00Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

References

Affected packages

Ubuntu:14.04:LTS / apache2

Package

Name: apache2
Purl: pkg:deb/ubuntu/apache2@2.4.7-1ubuntu4.20?arch=src?distro=trusty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.7-1ubuntu4.20

Affected versions

2.*

2.4.6-2ubuntu2

2.4.6-2ubuntu3

2.4.6-2ubuntu4

2.4.7-1ubuntu1

2.4.7-1ubuntu2

2.4.7-1ubuntu3

2.4.7-1ubuntu4

2.4.7-1ubuntu4.1

2.4.7-1ubuntu4.4

2.4.7-1ubuntu4.5

2.4.7-1ubuntu4.6

2.4.7-1ubuntu4.7

2.4.7-1ubuntu4.8

2.4.7-1ubuntu4.9

2.4.7-1ubuntu4.10

2.4.7-1ubuntu4.11

2.4.7-1ubuntu4.13

2.4.7-1ubuntu4.15

2.4.7-1ubuntu4.16

2.4.7-1ubuntu4.17

2.4.7-1ubuntu4.18

2.4.7-1ubuntu4.19

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "apache2-suexec": "2.4.7-1ubuntu4.20",
            "apache2-suexec-pristine-dbgsym": "2.4.7-1ubuntu4.20",
            "libapache2-mod-proxy-html": "1:2.4.7-1ubuntu4.20",
            "apache2-dev": "2.4.7-1ubuntu4.20",
            "apache2-bin": "2.4.7-1ubuntu4.20",
            "apache2-suexec-custom": "2.4.7-1ubuntu4.20",
            "apache2-suexec-pristine": "2.4.7-1ubuntu4.20",
            "apache2-doc": "2.4.7-1ubuntu4.20",
            "apache2-mpm-event": "2.4.7-1ubuntu4.20",
            "apache2": "2.4.7-1ubuntu4.20",
            "apache2-dbg": "2.4.7-1ubuntu4.20",
            "apache2-utils-dbgsym": "2.4.7-1ubuntu4.20",
            "apache2-data": "2.4.7-1ubuntu4.20",
            "apache2-mpm-prefork": "2.4.7-1ubuntu4.20",
            "apache2-mpm-itk": "2.4.7-1ubuntu4.20",
            "libapache2-mod-macro": "1:2.4.7-1ubuntu4.20",
            "apache2-suexec-custom-dbgsym": "2.4.7-1ubuntu4.20",
            "apache2.2-bin": "2.4.7-1ubuntu4.20",
            "apache2-bin-dbgsym": "2.4.7-1ubuntu4.20",
            "apache2-utils": "2.4.7-1ubuntu4.20",
            "apache2-mpm-worker": "2.4.7-1ubuntu4.20"
        }
    ]
}

Ubuntu:16.04:LTS / apache2

Package

Name: apache2
Purl: pkg:deb/ubuntu/apache2@2.4.18-2ubuntu3.8?arch=src?distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.18-2ubuntu3.8

Affected versions

2.*

2.4.12-2ubuntu2

2.4.17-1ubuntu1

2.4.17-2ubuntu1

2.4.17-3ubuntu1

2.4.18-1ubuntu1

2.4.18-2ubuntu1

2.4.18-2ubuntu2

2.4.18-2ubuntu3

2.4.18-2ubuntu3.1

2.4.18-2ubuntu3.2

2.4.18-2ubuntu3.3

2.4.18-2ubuntu3.4

2.4.18-2ubuntu3.5

2.4.18-2ubuntu3.7

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "apache2-suexec-pristine-dbgsym": "2.4.18-2ubuntu3.8",
            "apache2-dev": "2.4.18-2ubuntu3.8",
            "apache2-bin": "2.4.18-2ubuntu3.8",
            "apache2-suexec-pristine": "2.4.18-2ubuntu3.8",
            "apache2-doc": "2.4.18-2ubuntu3.8",
            "apache2": "2.4.18-2ubuntu3.8",
            "apache2-dev-dbgsym": "2.4.18-2ubuntu3.8",
            "apache2-dbg": "2.4.18-2ubuntu3.8",
            "apache2-utils-dbgsym": "2.4.18-2ubuntu3.8",
            "apache2-data": "2.4.18-2ubuntu3.8",
            "apache2-dbgsym": "2.4.18-2ubuntu3.8",
            "apache2-suexec-custom-dbgsym": "2.4.18-2ubuntu3.8",
            "apache2-bin-dbgsym": "2.4.18-2ubuntu3.8",
            "apache2-utils": "2.4.18-2ubuntu3.8",
            "apache2-suexec-custom": "2.4.18-2ubuntu3.8"
        }
    ]
}

Ubuntu:18.04:LTS / apache2

Package

Name: apache2
Purl: pkg:deb/ubuntu/apache2@2.4.29-1ubuntu4.1?arch=src?distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.29-1ubuntu4.1

Affected versions

2.*

2.4.27-2ubuntu3

2.4.29-1ubuntu1

2.4.29-1ubuntu2

2.4.29-1ubuntu3

2.4.29-1ubuntu4

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "apache2-ssl-dev": "2.4.29-1ubuntu4.1",
            "apache2-dbg": "2.4.29-1ubuntu4.1",
            "apache2-dev": "2.4.29-1ubuntu4.1",
            "apache2-bin": "2.4.29-1ubuntu4.1",
            "apache2-data": "2.4.29-1ubuntu4.1",
            "apache2-suexec-pristine": "2.4.29-1ubuntu4.1",
            "apache2-doc": "2.4.29-1ubuntu4.1",
            "apache2": "2.4.29-1ubuntu4.1",
            "apache2-utils": "2.4.29-1ubuntu4.1",
            "apache2-suexec-custom": "2.4.29-1ubuntu4.1"
        }
    ]
}