4.9

CVE-2009-1195

Exploit
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.2.0
ApacheHTTP Server Version2.2.1
ApacheHTTP Server Version2.2.2
ApacheHTTP Server Version2.2.3
ApacheHTTP Server Version2.2.4
ApacheHTTP Server Version2.2.7
ApacheHTTP Server Version2.2.8
ApacheHTTP Server Version2.2.9
ApacheHTTP Server Version2.2.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.96% 0.777
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Mailing List
http://support.apple.com/kb/HT3937
Third Party Advisory
http://www.vupen.com/english/advisories/2009/3184
Third Party Advisory
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
Third Party Advisory
http://secunia.com/advisories/35264
Third Party Advisory
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1075.html
Third Party Advisory
http://secunia.com/advisories/35395
Third Party Advisory
http://secunia.com/advisories/35721
Third Party Advisory
http://security.gentoo.org/glsa/glsa-200907-04.xml
Third Party Advisory
http://www.ubuntu.com/usn/usn-787-1
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
Third Party Advisory
http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2
Third Party Advisory
http://osvdb.org/54733
Broken Link
http://secunia.com/advisories/35261
Third Party Advisory
http://secunia.com/advisories/35453
Third Party Advisory
http://secunia.com/advisories/37152
Third Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=772997
Patch
Vendor Advisory
Exploit
http://wiki.rpath.com/Advisories:rPSA-2009-0142
Third Party Advisory
http://www.debian.org/security/2009/dsa-1816
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1156.html
Third Party Advisory
http://www.securityfocus.com/archive/1/507852/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/507857/100/0/threaded
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/35115
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022296
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2009/1444
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=489436
Patch
Exploit
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/50808
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704
Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
Third Party Advisory