Vulnerability
The expression supplied in <FilesMatch> in Apache httpd 2.4.0 to 2.4.29 could match ‘$’ to a newline character in a malicious filename, rather than merely matching the end of the filename. This could be abused in circumstances where external uploads of particular files are restricted, but only by matching the filename’s trailing section.
Mitigation / Precaution
We suggest you update to the latest version.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
