J-Security Center

Title: Apache HTTP Server Windows Share PHP File Extension Mapping Information Disclosure Vulnerability

Severity: MODERATE

Description:

Apache HTTP Server is prone to an information-disclosure vulnerability because it fails to properly associate file extensions with the correct processing engines when handling specially crafted requests for files on Windows SMB shares.

Specifically, when a request contains a file extension followed by the '\' character, the requested file may be returned as plain text. The SMBFS filename handler used for the Windows SMB share will correctly find the requested file without needing to strip the trailing '\'. The issue occurs because Apache includes the trailing character with the extension when searching for an 'AddType' directive that maps it to a processing engine ('.php\' instead of '.php'). Apache finds no matching directive and returns the file as plain text.

Attackers can leverage this issue to view arbitrary script files as plain text. Potentially sensitive information may be present in the script code. Information harvested could aid in further attacks.

This issue affects Apache 2.2.6 when serving PHP files from a Windows SMB share; other versions may also be affected.

NOTE: This issue may also occur when handling other filename extensions that use AddType directives to associate scripts or executables (e.g. '.cgi\', '.py\', '.rb\', etc.).
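To check whether a server has received requests of the shape described above, the following added example (not part of the original advisory) scans access-log lines for URL paths that end in a script extension followed by '\' or its encoded form '%5C'. The log layout (Apache common/combined format), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Extensions the advisory names as mapped to a processing engine.
SCRIPT_EXTS = {".php", ".cgi", ".py", ".rb"}

# Assumed log layout: Apache common/combined format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def trailing_backslash_ext(target):
    """Return the script extension if the URL path ends in '<ext>\\', else None."""
    path = unquote(target.split("?", 1)[0])  # drop query string, decode %5C
    if not path.endswith("\\"):
        return None
    # Apache escapes a literal backslash as '\\' in its logs, so strip them all.
    name = path.rstrip("\\").rsplit("/", 1)[-1]
    dot = name.rfind(".")
    ext = name[dot:].lower() if dot != -1 else ""
    return ext if ext in SCRIPT_EXTS else None

def scan(lines):
    """Return (client, target, status) for each request matching the pattern."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        if trailing_backslash_ext(target):
            hits.append((client, target, int(status)))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /app/index.php HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2008:10:00:05 +0000] "GET /app/config.php%5C HTTP/1.1" 200 842',
    '192.0.2.44 - - [01/Jan/2008:10:00:07 +0000] "GET /cgi/report.cgi\\\\ HTTP/1.1" 404 210',
    '192.0.2.10 - - [01/Jan/2008:10:00:09 +0000] "GET /img/logo.png HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for client, target, status in scan(SAMPLE_LOG):
        # A 200 status means content was returned; review those hits first.
        print(f"{client} {status} {target}")
```

Hits with a 200 status and a response size close to the script's size on disk are the ones most likely to reflect source disclosure.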

Affected Products:

  • Apache Software Foundation Apache 2.2.6
