Description

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.

Remediation

References

CVE-2007-6514

Related Vulnerabilities

ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003)

WordPress Plugin Manage and respond to conversations with leads-HappyForms PHP Object Injection (1.0.0)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-6514)

Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-3057)

WordPress Plugin Developer Formatter Cross-Site Request Forgery (2012.0.1.39)

Severity

Medium

Classification

CVE-2007-6514 CWE-200

Tags

Missing Update Known Vulnerabilities