Is CVE-2017-15715 known to be exploited?

72 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Http Server

CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uplo…

EPSS: 0.936 (99.8th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.0 to 2.4.29

Public proof-of-concept exploits

References

USN-3627-1 (x_refsource_UBUNTU, vendor-advisory)
DSA-4164 (vendor-advisory, x_refsource_DEBIAN)
security.netapp.com/advisory/ntap-20180601-0004/ (x_refsource_CONFIRM)
RHSA-2018:3558 (x_refsource_REDHAT, vendor-advisory)
support.hpe.com/hpsc/doc/public/display (x_refsource_CONFIRM)
RHSA-2019:0367 (x_refsource_REDHAT, vendor-advisory)
USN-3627-2 (x_refsource_UBUNTU, vendor-advisory)
103525 (vdb-entry, x_refsource_BID)
1040570 (vdb-entry, x_refsource_SECTRACK)
httpd.apache.org/security/vulnerabilities_24.html (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2017-15715?: CVE-2017-15715 is a vulnerability in Apache Software Foundation Http Server. Published 2018-03-26.
Is CVE-2017-15715 known to be exploited?: 72 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.