CVE-2007-6514

Apache HTTP Server - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6514. PoCs published by Maciej Piotr Falkiewicz.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Apache 2.2.6 when serving PHP files from a Windows SMB share. The issue allows attackers to view script files as plain text by exploiting improper file extension handling.

Description

Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled by the intended AddType directive.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Maciej Piotr Falkiewicz · textremotewindows
https://www.exploit-db.com/exploits/30901

This is a writeup describing an information disclosure vulnerability in Apache 2.2.6 when serving PHP files from a Windows SMB share. The issue allows attackers to view script files as plain text by exploiting improper file extension handling.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Apache 2.2.6
No auth needed
Prerequisites: Apache 2.2.6 serving files from a Windows SMB share
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485316/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3479
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/26939
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39158

Scores

EPSS 0.3804
EPSS Percentile 98.4%

Details

CWE
CWE-200
Status published
Products (1)
apache/http_server 2.2.6
Published Dec 21, 2007
Tracked Since Feb 18, 2026