Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-q5wm-suxb-jfeb
Vulnerability ID VCID-q5wm-suxb-jfeb
Aliases CVE-2017-15715
Summary The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-787 Out-of-bounds Write
System Score Found at
cvssv3 3.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json
epss 0.93618 https://api.first.org/data/v1/epss?cve=CVE-2017-15715
epss 0.94103 https://api.first.org/data/v1/epss?cve=CVE-2017-15715
epss 0.94103 https://api.first.org/data/v1/epss?cve=CVE-2017-15715
epss 0.94103 https://api.first.org/data/v1/epss?cve=CVE-2017-15715
epss 0.94103 https://api.first.org/data/v1/epss?cve=CVE-2017-15715
cvssv3 4.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
apache_httpd low https://httpd.apache.org/security/json/CVE-2017-15715.json
archlinux Medium https://security.archlinux.org/AVG-664
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json
https://api.first.org/data/v1/epss?cve=CVE-2017-15715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1560614 https://bugzilla.redhat.com/show_bug.cgi?id=1560614
ASA-201804-4 https://security.archlinux.org/ASA-201804-4
AVG-664 https://security.archlinux.org/AVG-664
CVE-2017-15715 https://httpd.apache.org/security/json/CVE-2017-15715.json
RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0366
RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:0367
RHSA-2020:3958 https://access.redhat.com/errata/RHSA-2020:3958
USN-3627-1 https://usn.ubuntu.com/3627-1/
USN-3627-2 https://usn.ubuntu.com/3627-2/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.99842
EPSS Score 0.93618
Published At April 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:36:21.507172+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2017-15715.json 38.0.0