httpd: <FilesMatch> bypass with a trailing newline in the file name

In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the...

Apache httpd FilesMatch Directive Security Restriction Bypass (CVE-2017-15715)

A security policy bypass vulnerability exists in Apache httpd. A remote attacker can exploit this vulnerability by sending a HTTP request with crafted URI to the remote HTTP server. Successful exploitation could result security policy bypass and arbitrary file upload...

CVE-2006-6511

The CVE-2006-6511 entry concerns the product dadaIMC .99.3, where an insufficiently restrictive FilesMatch directive in the installed .htaccess allows remote attackers to execute arbitrary PHP code. Specifically, uploaded files whose names contain any of the words: feature, editor, newswire, othe...

MacOS X Finder reveals contents of Apache Web directories

MacOS X creates a hidden file, '.DSStore' in each directory that has been viewed with the 'Finder'. This file contains a list of the contents of the directory, giving an attacker information on the structure and contents of your website. OpenVAS Vulnerability Test $Id: osXapachefinder.nasl 8023...