Apache – CVE-2017-15715

Description

Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to ‘bypass with a trailing newline in the file name’.

CVE-2017-15715 is categorized as an ‘Improper Input Validation’ vulnerability (CWE-20).
That means that the product receives an input or data, but it does not validate or incorrectly validates that the input actually has the properties that are required to process the data safely and correctly.

The expression specified in could possibly match ‘$’ to a newline character in a malicious filename. Rather than matching only the end of the filename.
This could be exploited in environments where uploads of some files are are blocked externally, but only by matching the trailing portion of the filename.

It will lead to information being disclosed, assisting attackers in performing attacks against your assets.
There’s a chance that this vulnerability will allow attackers to modify system files and information. Also, it could cause a decrease in performance and interruptions in the availability of resources.

Recommendation

To fix CVE-2017-15715, upgrade the version of Apache HTTP Server being used to 2.4.33.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715

https://cwe.mitre.org/data/definitions/20.html

< Return to all Vulnerabilities

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »

Red Team

You’ve probably heard that there are teams in the Cyber field called Red Team and Blue Team. Let’s talk about the red one, shall we?

Read More »

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »