Published: 06/03/2013 Updated: 06/03/2013
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Debian apache2ctl script in the apache2 package squeeze prior to 2.2.16-6+squeeze11, wheezy prior to 2.2.22-13, and sid prior to 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

debian apache2

Vendor Advisories

Several vulnerabilities have been found in the Apache HTTPD server CVE-2012-3499 The modules mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp did not properly escape hostnames and URIs in HTML output, causing cross site scripting vulnerabilities CVE-2012-4558 Mod_proxy_balancer did not properly escape hostnames and ...
Several security issues were fixed in the Apache HTTP Server ...