MacOS X Client Apache File Protection Bypass Vulnerability

info
discussion
exploit
solution
references

MacOS X Client Apache File Protection Bypass Vulnerability

This example was supplied by Stefan Arentz <stefan.arentz@soze.com>:

The following request will result in a 403 Forbidden as excpected:

GET /test/index.html

But the following request will happily serve the file:

GET /TeSt/index.html