6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.959 High
EPSS
Percentile
99.5%
In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch>
could match β$β to a newline character in a malicious filename, rather than
matching only the end of the filename. This could be exploited in
environments where uploads of some files are are externally blocked, but
only by matching the trailing portion of the filename.
www.openwall.com/lists/oss-security/2018/03/24/6
httpd.apache.org/security/vulnerabilities_24.html
launchpad.net/bugs/cve/CVE-2017-15715
nvd.nist.gov/vuln/detail/CVE-2017-15715
security-tracker.debian.org/tracker/CVE-2017-15715
ubuntu.com/security/notices/USN-3627-1
ubuntu.com/security/notices/USN-3627-2
www.cve.org/CVERecord?id=CVE-2017-15715
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.959 High
EPSS
Percentile
99.5%