Apache <= 2.0.39 Win32 Crafted Traversal Arbitrary File Access
High Nessus Plugin ID 11092
Synopsis
It is possible to execute code on the remote host.
Description
A security vulnerability in Apache 2.0.39 on Windows systems allows attackers to access files that would otherwise be inaccessible using a directory traversal attack.
An attacker could use this to read sensitive files or potentially execute any command on your system.
Solution
Upgrade to Apache 2.0.40 or later. Alternatively, add the following in your httpd.conf file, before the first 'Alias' or 'Redirect' directive:
RedirectMatch 400 \\\.\.
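The workaround only helps if it sits ahead of the first 'Alias' or 'Redirect' directive, so the ordering is worth checking on its own. The following is an added example, not part of the Nessus plugin or of Apache: it reads a single httpd.conf text and reports whether the line is present and correctly placed. It assumes that all mod_alias mapping directives count as 'Alias' or 'Redirect', and it does not follow Include files; the sample configurations are constructed.

```python
# Added example: checks the ordering requirement of the workaround above.
# Assumption: every mod_alias mapping directive counts as "Alias or Redirect".
ALIAS_FAMILY = {"alias", "aliasmatch", "scriptalias", "scriptaliasmatch",
                "redirect", "redirectmatch", "redirectpermanent", "redirecttemp"}
WORKAROUND_ARGS = ["400", r"\\\.\."]  # argument text exactly as the advisory gives it


def directives(conf_text):
    """Yield (line_no, lowercased name, args), skipping blanks, comments, <Section> tags."""
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue
        name, *args = line.split()
        # Apache accepts the pattern quoted or unquoted; compare without quotes.
        yield line_no, name.lower(), [a.strip('"') for a in args]


def check_workaround(conf_text):
    """Return (status, line_no): status is 'ok', 'misplaced' or 'missing'."""
    first_alias = None
    for line_no, name, args in directives(conf_text):
        if name == "redirectmatch" and args == WORKAROUND_ARGS:
            return ("ok" if first_alias is None else "misplaced"), line_no
        if name in ALIAS_FAMILY and first_alias is None:
            first_alias = line_no
    return "missing", None


# Constructed sample configurations (not taken from a real server).
GOOD = r'''
ServerRoot "C:/Apache2"
# workaround goes first
RedirectMatch 400 "\\\.\."
Alias /icons/ "C:/Apache2/icons/"
'''
MISPLACED = r'''
ScriptAlias /cgi-bin/ "C:/Apache2/cgi-bin/"
redirectmatch 400 \\\.\.
'''
MISSING = r'''
Alias /icons/ "C:/Apache2/icons/"
'''

if __name__ == "__main__":
    for label, conf in (("good", GOOD), ("misplaced", MISPLACED), ("missing", MISSING)):
        print(label, check_workaround(conf))
```

A 'misplaced' or 'missing' result means the host still depends on the upgrade to 2.0.40 or later.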