Description
A series of "Confusion Attacks" have been discovered in Apache HTTP Server, exploiting inconsistencies in how different modules interpret and process data. These attacks include Filename Confusion, DocumentRoot Confusion, and Handler Confusion, which can lead to various security issues including bypassing access controls, arbitrary file access, and execution of unintended handlers.
Remediation
Update to the latest version of Apache HTTP Server that addresses these Confusion Attacks. Carefully review and test all RewriteRules, especially those with user-controllable input. Limit the use of FollowSymLinks option and restrict access to sensitive directories. Regularly audit server configurations and installed modules for potential security issues.