.htaccess file allows remote attacker to read process memory by sending OPTIONS requests.
This may cause leak of sensitive data that belong to another user.
Issue may be prevented by disabling overriding
Limit option in Apache configuration using
For example, in typical Linux Shared Hosting NG environment, check main configuration file:
[root@ng ~]# grep AllowOverride /etc/httpd/conf/httpd.conf AllowOverride AuthConfig Limit Indexes Options FileInfo
Limit option from the directive:
[root@ng ~]# grep AllowOverride /etc/httpd/conf/httpd.conf AllowOverride AuthConfig Indexes Options FileInfo
For additional information on how to tune the directive refer to the corresponding part of Apache documentation: