Intrusion Prevention

Apache.httpd.FilesMatch.Directive.Security.Restriction.Bypass

Description

This indicates an attack attempt to exploit a Security Policy Bypass Vulnerability in Apache Software Foundation httpd.
The vulnerability is due to an error in the vulnerable application when handling a maliciously crafted request. A remote attacker may be able to exploit this to upload a file that is not permitted within the context of the application, via a crafted request.

Affected Products

Apache Software Foundation httpd 2.4.x Prior to 2.4.30

Impact

Security Bypass: Remote attackers can bypass security features of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
http://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-15715

CVE References

CVE-2017-15715