CVE-2017-15715 Scanner

The Apache HTTP Server, also known as httpd, is an open-source web server software designed to be used on Unix and Unix-like operating systems, Microsoft Windows, Novell NetWare and other platforms. Apache is the most commonly used web server software in the world which has become a popular option for websites with high traffic. It is widely used because it can handle multiple requests at once, and it can be easily customized and extended with modules.

However, in November 2017, a vulnerability known as CVE-2017-15715 was detected in Apache httpd. This vulnerability could potentially allow attackers to bypass certain security configurations including the server signature configuration, thereby exposing sensitive information about the web server. The exploit was related to the way in which the expression in <FilesMatch> could match to new line characters in a malicious filename.

If this CVE-2017-15715 vulnerability is exploited, it could cause significant consequences to the affected systems. The attacker could bypass certain server security configurations, resulting in sensitive information being disclosed. This could lead to unwanted access to the server and important data being compromised. An attacker could also potentially cause the server to crash, leading to an outage, loss of data, and reputational damage.

In conclusion, it is crucial to take precautions when utilizing the Apache HTTP Server software, as it may expose important data when vulnerabilities such as CVE-2017-15715 are exploited by malicious attackers. By staying up-to-date with the latest security patches and implementing effective security measures, systems administrators and web developers can keep their servers secure and reduce the potential impact of any vulnerabilities that may be detected. Finally, by using the securityforeveryone.com platform, users can quickly learn about vulnerabilities in their digital assets and protect their systems from attacks.

REFERENCES

• http://www.openwall.com/lists/oss-security/2018/03/24/6
• http://www.securityfocus.com/bid/103525
• http://www.securitytracker.com/id/1040570
• https://access.redhat.com/errata/RHSA-2018:3558
• https://access.redhat.com/errata/RHSA-2019:0366
• https://access.redhat.com/errata/RHSA-2019:0367
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
• https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html
• https://security.netapp.com/advisory/ntap-20180601-0004/
• https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us
• https://usn.ubuntu.com/3627-1/
• https://usn.ubuntu.com/3627-2/
• https://www.debian.org/security/2018/dsa-4164
• https://www.tenable.com/security/tns-2019-09