View Full Version : Apache security issue in Windows... already fixed :)

16 Aug 2002, 19:21
Default installations of Apache on Windows are susceptible to a bug discovered by Luigi Auriemma, Apache.org reports.
Details are sketchy to discourage immediate exploitation, but the organization says it will post additional details 'in the coming weeks'.

Meanwhile, the fix is simple. Add the following line to the httpd.conf file before the first 'Alias' or 'Redirect' directive:
RedirectMatch 400 "\\\.\."
The fix is included in version 2.0.40, along with fixes for "two minor path-revealing exposures," Apache says. Apache fixed the binaries within 24 hours of initial notification.