A significant vulnerability has been discovered in the Windows version of the Apache webserver.
This vulnerability has the potential to allow an attacker to inflict serious damage to a server, and reveal sensitive data. This vulnerability affects default installations of the Apache web server.
Unix and other variant platforms appear unaffected. Cygwin users are likely to be affected.
Solution:
A simple one-line workaround in the httpd.conf file will close the vulnerability. Prior to the first 'Alias' or 'Redirect' directive, add the following directive to the global server configuration:
RedirectMatch 400 "\\\.\."
The quoted argument is a regular expression matching a literal backslash followed by two dots; any request whose URL-path contains that sequence is answered with HTTP 400 before an Alias or Redirect can act on it. The backslashes must be escaped exactly as shown: a bare 'RedirectMatch 400 ..' would match any two characters and reject virtually every request.
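As an added illustration (not code from Apache or from this advisory), the script below models what happens to the workaround directive before it reaches the regex engine and which request paths it would answer with 400. The config-file unescaping is a simplified model of how Apache reads a double-quoted argument (a backslash before another backslash or a quote is dropped, other backslashes are kept); the sample paths are constructed for the demonstration.

```python
"""Model of the RedirectMatch workaround: config unescaping plus path matching.

Added example, not Apache's own code. Assumptions: the simplified quoting
rule below (inside double quotes, \\ -> \ and \" -> ", all other backslashes
kept) and the fact that RedirectMatch applies an unanchored regex search to
the request's URL-path.
"""
import re

# The directive argument exactly as it appears in httpd.conf.
DIRECTIVE_ARG = r'"\\\.\."'


def conf_unescape(arg: str) -> str:
    """Turn a double-quoted httpd.conf argument into the string the regex engine sees."""
    inner = arg[1:-1] if arg.startswith('"') and arg.endswith('"') else arg
    out, i = [], 0
    while i < len(inner):
        if inner[i] == '\\' and i + 1 < len(inner) and inner[i + 1] in ('\\', '"'):
            out.append(inner[i + 1])   # escaped backslash or quote
            i += 2
        else:
            out.append(inner[i])       # any other character, including \. , is kept
            i += 1
    return ''.join(out)


# After unescaping the pattern is  \\.\.  : a literal backslash, then two literal dots.
PATTERN = conf_unescape(DIRECTIVE_ARG)


def status_for(path: str, pattern: str = PATTERN) -> int:
    """Return the HTTP status RedirectMatch would produce for a URL-path.

    RedirectMatch searches (does not anchor) the regex against the URL-path and
    issues the configured status on a hit; otherwise the request proceeds (200 here).
    """
    return 400 if re.search(pattern, path) else 200


# Constructed sample paths: one containing the backslash-dot-dot sequence the
# workaround targets, two ordinary paths that must keep working.
SAMPLE_PATHS = {
    "/icons\\..\\somefile": 400,
    "/index.html": 200,
    "/images/logo.gif": 200,
}


def check_workaround() -> bool:
    """True when every constructed sample gets the expected status."""
    return all(status_for(p) == expected for p, expected in SAMPLE_PATHS.items())


if __name__ == "__main__":
    print("regex seen by engine:", PATTERN)
    for p in SAMPLE_PATHS:
        print(f"{p!r:28} -> {status_for(p)}")
    # The misquoted form '..' demonstrates why the escaping matters: it rejects everything.
    print("bare '..' on /index.html ->", status_for("/index.html", ".."))
```

Running it prints the pattern the engine actually receives and shows that only the path containing `\..` is refused, while the unescaped `..` variant would turn away an ordinary request for /index.html as well.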
Fixes for this vulnerability are also included in Apache HTTP server version 2.0.40. The 2.0.40 release also contains fixes for two minor path-revealing exposures. This release of Apache is available at http://www.apache.org/dist/httpd/