Intrusion Prevention



This indicates detection of an attempt scan to exploit an Information Disclosure vulnerability in Apache HTTP Server.
The vulnerability is due to a misconfiguration error in target system's .htaccess file when target system handling HTTP requests. A remote attacker can exploit this to gain access to secret data from process memory.
Signature for this vulnerability is a rate based signature and will trigger at a rate of 10 request per 50 second.

Affected Products

Apache HTTP Server 2.2.34 and prior
Apache HTTP Server 2.4.27 and prior
Debian Linux 7.0 to 9.0


Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Upgrade to the latest version available from the website.

CVE References


Other References

42745 1807754