SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Apache HTTPD
Vendors:   Apache Software Foundation
Apache HTTPD May Let Remote Users Bypass 'FilesMatch' Directive Security Restrictions on the Target System
SecurityTracker Alert ID:  1040570
SecurityTracker URL:  http://securitytracker.com/id/1040570
CVE Reference:   CVE-2017-15715
Date:  Mar 26 2018
Impact:   Host/resource access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.4.0 to 2.4.29
Description:   A vulnerability was reported in Apache HTTPD. A remote user can bypass security controls on the target system in certain cases.

The '<FilesMatch>' expression may not correctly match characters in a filename. In the expression, the '$' character may match at a newline character in the filename instead of matching only the end of the filename.

On systems that allow uploading of user-specified filenames, a remote user can supply a specially crafted filename to potentially bypass security controls that use the '<FilesMatch>' directive.

Elar Lang - security.elarlang.eu reported this vulnerability.
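
The anchoring behaviour described above, as an added example that is not part of the original advisory. Python's 're' module stands in for the httpd regex engine because its default '$' also matches before a final newline; the '.php' pattern, the upload filter, the allowlist and the sample filenames are all constructed assumptions.

```python
import re

# Assumed pattern in the style of a <FilesMatch> expression (not from the advisory).
DOLLAR_PATTERN = re.compile(r"\.php$")   # '$' also matches just before a final "\n"
STRICT_PATTERN = re.compile(r"\.php\Z")  # '\Z' matches only at the true end of string

CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")  # assumed allowlist


def upload_filter_blocks(name: str) -> bool:
    """Hypothetical external filter that inspects only the trailing portion."""
    return name.lower().endswith(".php")


def dollar_matches(name: str) -> bool:
    return DOLLAR_PATTERN.search(name) is not None


def strict_matches(name: str) -> bool:
    return STRICT_PATTERN.search(name) is not None


def audit(names):
    """Names the '$' pattern matches although the trailing-portion filter let them through."""
    return [n for n in names if dollar_matches(n) and not upload_filter_blocks(n)]


def validate_upload_name(name: str) -> bool:
    """Hardened check: reject control characters and allowlist the whole name."""
    if CONTROL_CHARS.search(name):
        return False
    if SAFE_NAME.fullmatch(name) is None:  # fullmatch has no end-of-line leniency
        return False
    return not upload_filter_blocks(name)


# Constructed sample filenames.
SAMPLES = ["report.pdf", "index.php", "index.php\n", "notes.php.txt"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(repr(n), "filter_blocks=%s" % upload_filter_blocks(n),
              "dollar=%s" % dollar_matches(n), "strict=%s" % strict_matches(n),
              "accepted=%s" % validate_upload_name(n))
    print("disagreements:", audit(SAMPLES))
```

The name flagged by audit() is the one where the trailing-portion filter and the '$'-anchored pattern disagree; validating the whole name closes that gap independently of the httpd upgrade.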

Impact:   A remote user can bypass security controls on the target system in certain cases.
Solution:   The vendor has issued a fix (2.4.30).

The vendor advisory is available at:

http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-15715

Vendor URL:  httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-15715
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  CVE-2017-15715: bypass with a trailing newline in the file name


CVE-2017-15715: <FilesMatch> bypass with a trailing newline in the file name

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.0 to 2.4.29

Description:
The expression specified in <FilesMatch> could match '$' to a newline character
in a malicious filename, rather than matching only the end of the filename.
This could be exploited in environments where uploads of some files are
externally blocked, but only by matching the trailing portion of the filename.

Mitigation:
All httpd users should upgrade to 2.4.30 or later.

Credit:
The issue was discovered by Elar Lang - security.elarlang.eu

References:
https://httpd.apache.org/security/vulnerabilities_24.html

Copyright 2019, SecurityGlobal.net LLC