Apache 2.0.44 Win32 file reading vulnerability

Description

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as >, which causes a different filename to be processed and served.

Affected Apache versions (up to 2.0.43).

ShareShare on FacebookTweet about this on TwitterShare on Google+

Impact
Sensitive file disclosure.

Recommendation
Upgrade Apache 2.x to the latest version.

References
CAN 2003-0017
Apache Homepage