Vulnerability Details : CVE-2007-6514
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
Vulnerability category: Information leak
Threat overview for CVE-2007-6514
Top countries where our scanners detected CVE-2007-6514
Top open port discovered on systems with this issue
80
IPs affected by CVE-2007-6514 6,509
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-6514!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-6514
Probability of exploitation activity in the next 30 days: 0.61%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-6514
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2007-6514
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-6514
-
Red Hat 2008-01-09Old versions of the Linux 2.4 kernel allowed the lookup of names containing backslashes over smbfs -- so there were multiple names which would reference any particular file, allowing the bypass of Apache controls such as AddType. Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue was corrected with a backported patch for Red Hat Enterprise Linux 2.1 by RHSA-2007:0672. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6514
- cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*When used together with: Linux » Linux Kernel