Signature Detail

Security Intelligence Center
Short Name

HTTP:APACHE:FILEMATCH-BYPASS

Severity

Major

Recommended

Yes

Recommended Action

Drop

Category

HTTP

Keywords

Apache httpd FilesMatch Directive Security Restriction Bypass

Release Date

2018/05/10

Update Number

3064

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache httpd FilesMatch Directive Security Restriction Bypass


This signature detects attempts to exploit a known vulnerability in Apache httpd. A remote attacker can exploit this vulnerability by sending an HTTP PUT request with a crafted URI to the remote HTTP server. Successful exploitation could result in a security policy bypass and arbitrary file upload if the HTTP server is configured to allow file uploads (for example, by permitting the HTTP PUT method).

Extended Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
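The following is an added illustration of the anchor behaviour described above; it is not code from Juniper or the Apache project. It audits a constructed httpd.conf fragment (the directives, handler names and filenames are assumptions) for FilesMatch patterns anchored with '$', shows that such a pattern still selects a filename carrying a trailing newline, and adds the upload-side filename check that closes the gap regardless of httpd version. Python's re gives '$' the same before-trailing-newline semantics as PCRE; Python's '\Z' is the absolute end of the string, which corresponds to the lowercase '\z' anchor in a PCRE-based Apache configuration.

```python
import re

# Constructed httpd.conf fragment (assumption, not from the page): the first
# directive ends in '$', the second in the absolute-end anchor.
SAMPLE_CONF = r'''
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phtml\Z">
    SetHandler application/x-httpd-php
</FilesMatch>
'''

FILESMATCH_RE = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>')


def filesmatch_patterns(conf):
    """Return the regex string of every <FilesMatch> directive in conf."""
    return FILESMATCH_RE.findall(conf)


def dollar_anchored(pattern):
    """True when the pattern ends with an unescaped '$' anchor."""
    return pattern.endswith('$') and not pattern.endswith(r'\$')


def handler_applies(pattern, filename):
    """Would this FilesMatch pattern select the given stored filename?
    With '$', 'shell.php' followed by a newline is selected as if it were
    'shell.php'; with the absolute-end anchor it is not."""
    return re.search(pattern, filename) is not None


def audit(conf):
    """Map each FilesMatch pattern to whether a trailing newline in the
    filename would slip past it on an unpatched httpd 2.4.0-2.4.29."""
    return {pat: dollar_anchored(pat) for pat in filesmatch_patterns(conf)}


def safe_filename(name):
    """Upload-side check: reject control characters (newline included) so
    the trailing portion of the name really is the end of the name."""
    return bool(name) and not any(ord(c) < 0x20 or c == '\x7f' for c in name)
```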

Affected Products

  • Apache http_server 2.4.0
  • Apache http_server 2.4.1
  • Apache http_server 2.4.10
  • Apache http_server 2.4.12
  • Apache http_server 2.4.14
  • Apache http_server 2.4.16
  • Apache http_server 2.4.17
  • Apache http_server 2.4.18
  • Apache http_server 2.4.19
  • Apache http_server 2.4.2
  • Apache http_server 2.4.20
  • Apache http_server 2.4.21
  • Apache http_server 2.4.22
  • Apache http_server 2.4.23
  • Apache http_server 2.4.24
  • Apache http_server 2.4.25
  • Apache http_server 2.4.26
  • Apache http_server 2.4.27
  • Apache http_server 2.4.28
  • Apache http_server 2.4.29
  • Apache http_server 2.4.3
  • Apache http_server 2.4.4
  • Apache http_server 2.4.6
  • Apache http_server 2.4.7
  • Apache http_server 2.4.8
  • Apache http_server 2.4.9
  • Canonical ubuntu_linux 14.04
  • Canonical ubuntu_linux 16.04
  • Canonical ubuntu_linux 17.10
  • Canonical ubuntu_linux 18.04
  • Debian debian_linux 8.0
  • Debian debian_linux 9.0
  • Netapp clustered_data_ontap -
  • Netapp santricity_cloud_connector -
  • Netapp storage_automation_store -
  • Netapp storagegrid -
  • Redhat enterprise_linux 6.0
  • Redhat enterprise_linux 7.0
  • Redhat enterprise_linux 7.4
  • Redhat enterprise_linux 7.5
  • Redhat enterprise_linux 7.6

References

  • CVE: CVE-2017-15715
