Vulnerability identifier: #VU11284
Vulnerability risk: Low
Exploitation vector: Network
Vendor: Apache Foundation
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
The weakness exists on systems that allow uploading of user-specified filenames due to the '<FilesMatch>' expression may not correctly match characters in a filename. A remote attacker can supply a specially crafted filename to potentially bypass security controls that use the '<FilesMatch>' directive.
Update to version 2.4.32.
Vulnerable software versions
Apache HTTP Server: 2.4.1 - 2.4.29
Fixed software versions
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?