CVE-2017-15715

CVE-2017-15715

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match ‘$’ to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

Source: CVE-2017-15715

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다