Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as >, which causes a different filename to be processed and served.
Affected Apache versions (up to 2.0.43).
- Upgrade Apache 2.x to the latest version.
- WordPress Plugin Bliss Gallery Arbitrary File Upload (2.3)
- WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)
- WordPress 2.1.2 Multiple Vulnerabilities (2.1 - 2.1.2)
- WordPress Plugin Smart Slider 2 Multiple Cross-Site Scripting Vulnerabilities (2.3.11)
- WordPress Plugin Image Gallery-Responsive Photo Gallery Cross-Site Scripting (2.0.5)