• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Apache Web Server Default Script Mapping Bypass Vulnerability

A vulnerability has been reported in the Apache Web browser that may result in the server bypassing existing default mappings when serving files.

The vulnerability exists when making requests for files in directories with extensions. The vulnerability may cause the Web server to incorrectly parse the requested file.

Instead of parsing the file 'test' as a text file, the following request to www.target.com/folder.php/test will result in Apache interpreting 'test' as a PHP script.