CVE-2017-15715

Name of the Vulnerable Software and Affected Versions Apache httpd versions 2.4.0 through 2.4.29

Description The issue arises from the expression specified in FilesMatch being able to match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. The vulnerability exists due to insufficient input validation, which may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations For Apache httpd versions 2.4.0 through 2.4.29, consider updating to a version where this issue is fixed, as the current version may allow malicious filenames to bypass external blocking by matching the trailing portion of the filename. At the moment, there is no information about a newer version that contains a fix for this vulnerability.