Description
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
Remediation
References
Related Vulnerabilities
ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003)
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3057)
WordPress Plugin Developer Formatter Cross-Site Request Forgery (2012.0.1.39)