CVE-2009-1195

Published: 28/05/2009 Updated: 15/02/2024
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 440
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

Apache HTTP Server 2.2.11 and earlier 2.2.x versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

Vulnerable Products

apache http server 2.2.0
apache http server 2.2.1
apache http server 2.2.2
apache http server 2.2.3
apache http server 2.2.4
apache http server 2.2.7
apache http server 2.2.8
apache http server 2.2.9
apache http server 2.2.10

Vendor Advisories

Debian Bug report logs - #530834 CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass. Package: apache2; Maintainer for apache2 is Debian Apache Maintainers <debian-apache@lists.debian.org>; Source for apache2 is src:apache2 (PTS, buildd, popcon). Reported by: Giuseppe Iuculano <giuseppe@iuculano.it> ...

Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS (CVE-2009-0023) ...

Synopsis: Moderate: httpd security update. Type/Severity: Security Advisory: Moderate. Topic: Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Descriptio ...

Synopsis: Important: httpd security update. Type/Severity: Security Advisory: Important. Topic: Updated httpd packages that fix multiple security issues are now available for JBoss Enterprise Web Server 1.0.0 for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the RedH ...

It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive: In the stable distribution (lenny), local users could (via .htaccess) enable script execution in Server Side Includes even in configurations where the AllowOverride directive contained only Options=IncludesNoEXEC. In the ol ...

References

CWE-16
http://secunia.com/advisories/35264
https://bugzilla.redhat.com/show_bug.cgi?id=489436
http://svn.apache.org/viewvc?view=rev&revision=772997
http://secunia.com/advisories/35261
http://www.redhat.com/support/errata/RHSA-2009-1075.html
http://osvdb.org/54733
http://www.securitytracker.com/id?1022296
http://www.vupen.com/english/advisories/2009/1444
http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2
http://www.securityfocus.com/bid/35115
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://www.debian.org/security/2009/dsa-1816
http://secunia.com/advisories/35453
http://www.ubuntu.com/usn/usn-787-1
http://secunia.com/advisories/35395
http://www.redhat.com/support/errata/RHSA-2009-1156.html
http://secunia.com/advisories/35721
http://security.gentoo.org/glsa/glsa-200907-04.xml
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://secunia.com/advisories/37152
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://support.apple.com/kb/HT3937
http://www.vupen.com/english/advisories/2009/3184
http://wiki.rpath.com/Advisories:rPSA-2009-0142
http://marc.info/?l=bugtraq&m=129190899612998&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/50808
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094
http://www.securityfocus.com/archive/1/507857/100/0/threaded
http://www.securityfocus.com/archive/1/507852/100/0/threaded
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530834
https://usn.ubuntu.com/787-1/
https://nvd.nist.gov