CVE-2007-6514 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6514): Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.
Apache herd, please advise.
as far as i can see, there is no patch available yet .. i'm currently on vacation till Dec 27, but will look at it asap
Any news here?
there is no detailed info/patch i can find until today
according to red hats bugzilla and the nist entry, this only happens on older 2.4 kernels, so this either needs a kernel fix if we even have any 2.4 left, otherwise INVALID
No 2.4ers left. Closing.