High severity8.1NVD Advisory· Published Mar 26, 2018· Updated Jun 17, 2026
CVE-2017-15715
CVE-2017-15715
Description
In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
13- osv-coords11 versionspkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/apache2&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%206pkg:rpm/suse/apache2&distro=SUSE%20OpenStack%20Cloud%207
< 2.4.16-20.16.1+ 10 more
- (no CPE)range: < 2.4.16-20.16.1
- (no CPE)range: < 2.4.23-29.18.2
- (no CPE)range: < 2.4.23-29.18.2
- (no CPE)range: < 2.4.23-29.18.2
- (no CPE)range: < 2.4.10-14.31.1
- (no CPE)range: < 2.4.16-20.16.1
- (no CPE)range: < 2.4.23-29.18.2
- (no CPE)range: < 2.4.23-29.18.2
- (no CPE)range: < 2.4.23-29.18.2
- (no CPE)range: < 2.4.16-20.16.1
- (no CPE)range: < 2.4.23-29.18.2
- Range: 2.4.0 to 2.4.29
Patches
Vulnerability mechanics
References
27- www.openwall.com/lists/oss-security/2018/03/24/6nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/103525nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1040570nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2018:3558nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0366nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2019:0367nvdThird Party Advisory
- httpd.apache.org/security/vulnerabilities_24.htmlnvdVendor Advisory
- security.netapp.com/advisory/ntap-20180601-0004/nvdThird Party Advisory
- support.hpe.com/hpsc/doc/public/displaynvdThird Party Advisory
- usn.ubuntu.com/3627-1/nvdThird Party Advisory
- usn.ubuntu.com/3627-2/nvdThird Party Advisory
- www.debian.org/security/2018/dsa-4164nvdThird Party Advisory
- lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Envd
- security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.htmlnvd
- www.tenable.com/security/tns-2019-09nvd
News mentions
0No linked articles in our index yet.