CVE-2007-6514

Impact:
Low
Public Date:
2007-12-19
Bugzilla:
426548: CVE-2007-6514 When document is on smbfs, a trailing backslash at the end of file name bypasses content type match

The MITRE CVE dictionary describes this issue as:

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.

Find out more about CVE-2007-6514 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

Old versions of the Linux 2.4 kernel allowed the lookup of names containing backslashes over smbfs -- so there were multiple names which would reference any particular file, allowing the bypass of Apache controls such as AddType.

Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, or 5. This issue was corrected with a backported patch for Red Hat Enterprise Linux 2.1 by RHSA-2007:0672.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6514

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.