Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as >, which causes a different filename to be processed and served.
Affected Apache versions (up to 2.0.43).
- Upgrade Apache 2.x to the latest version.
- Application error message
- WordPress Plugin wpForo Forum Cross-Site Scripting (1.4.11)
- WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (5.2.2)
- WordPress Plugin Viper's Video Quicktags Unspecified Vulnerability (6.4.4)
- WordPress 4.2.x Arbitrary File Deletion Vulnerability (4.2 - 4.2.20)