Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as >, which causes a different filename to be processed and served.
Affected Apache versions (up to 2.0.43).
- Upgrade Apache 2.x to the latest version.
- WordPress Plugin LB Mixed Slideshow 'upload.php' Arbitrary File Upload (1.0)
- WordPress Plugin iThemes Security (formerly Better WP Security) Multiple Vulnerabilities (3.6.3)
- WordPress Plugin MailChimp for WordPress Cross-Site Scripting (4.1.6)
- WordPress Plugin RSS Includes Pages Unspecified Vulnerability (3.1)
- WordPress 3.3.1 Multiple Vulnerabilities (2.0 - 3.3.1)