, The Register 2002-08-15
Default installations of Apache on Windows are susceptible to a bug discovered by Italian researcher Luigi Auriemma, Apache.org reports.
Details are sketchy to discourage immediate exploitation, but the organization says it will post additional details 'in the coming weeks'.
Meanwhile, the fix is simple. Add the following line to the httpd.conf file before the first 'Alias' or 'Redirect' directive:
RedirectMatch 400 "\\\.\."
The fix is included in version 2.0.40, along with fixes for "two minor path-revealing exposures," Apache says. Apache fixed the binaries within 24 hours of initial notification, PivX notes. ®
