### [CVE-2017-15715](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20HTTP%20Server&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=%3CFilesMatch%3E%20bypass%20with%20a%20trailing%20newline%20in%20the%20file%20name&color=brighgreen)

### Description

In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.

### POC

#### Reference
- https://security.elarlang.eu/cve-2017-15715-apache-http-server-filesmatch-bypass-with-a-trailing-newline-at-the-end-of-the-file-name.html

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0day666/Vulnerability-verification
- https://github.com/422926799/haq5201314
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AlanShami/Red-Team-vs-Blue-Team-Project
- https://github.com/ArrestX/--POC
- https://github.com/Awrrays/FrameVul
- https://github.com/Chad-Atkinson/Red-vs-Blue-team-project
- https://github.com/ChadSWilliamson/Red-vs.-Blue-Project
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Fa1c0n35/Web-CTF-Cheatshee
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/Miraitowa70/POC-Notes
- https://github.com/PawanKumarPandit/Shodan-nrich
- https://github.com/RoseSecurity-Research/Red-Teaming-TTPs
- https://github.com/RoseSecurity/Red-Teaming-TTPs
- https://github.com/SamGeron/Red-Team-vs-Blue-Team
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShattenJager81/Cyber-2
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/Xorlent/Red-Teaming-TTPs
- https://github.com/Zero094/Vulnerability-verification
- https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/bioly230/THM_Skynet
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/duckstroms/Web-CTF-Cheatsheet
- https://github.com/enomothem/PenTestNote
- https://github.com/firatesatoglu/shodanSearch
- https://github.com/hacden/vultools
- https://github.com/hailan09/Hacker
- https://github.com/hktalent/bug-bounty
- https://github.com/hxysaury/The-Road-to-Safety
- https://github.com/hxysaury/saury-vulnhub
- https://github.com/intrigueio/intrigue-ident
- https://github.com/jiushill/haq5201314
- https://github.com/kabir0104k/ethan
- https://github.com/q99266/saury-vulnhub
- https://github.com/retr0-13/nrich
- https://github.com/rnbochsr/yr_of_the_jellyfish
- https://github.com/rochoabanuelos/Red-Team-vs-Blue-Team-Analysis
- https://github.com/safe6Sec/PentestNote
- https://github.com/shamsulchowdhury/Unit-20-Project-2-Red-vs-Blue-Team
- https://github.com/shuanx/vulnerability
- https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough
- https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough
- https://github.com/vshaliii/Funbox2-rookie
- https://github.com/w181496/Web-CTF-Cheatsheet
- https://github.com/whisp1830/CVE-2017-15715
- https://github.com/zha0/Bei-Gai-penetration-test-guide