Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2009-1195HistoryMay 28, 2009 - 8:30 p.m.
CVE-2009-1195
2009-05-2820:30:00
Debian Security Bug Tracker
security-tracker.debian.org
12
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
41.0%
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | apache2 | <ย 2.2.11-6 | apache2_2.2.11-6_all.deb |
| Debian | 11 | all | apache2 | <ย 2.2.11-6 | apache2_2.2.11-6_all.deb |
| Debian | 10 | all | apache2 | <ย 2.2.11-6 | apache2_2.2.11-6_all.deb |
| Debian | 999 | all | apache2 | <ย 2.2.11-6 | apache2_2.2.11-6_all.deb |
| Debian | 13 | all | apache2 | <ย 2.2.11-6 | apache2_2.2.11-6_all.deb |
Related
openvas
openvas
Debian Security Advisory DSA 1816-1 (apache2)
2009-06-23 00:00:00
Debian Security Advisory DSA 1816-1 (apache2)
2009-06-23 00:00:00
nessus
nessus
Debian DSA-1816-1 : apache2 - insufficient security check
2009-06-18 00:00:00
MDVA-2009:095 : apache
2009-06-11 00:00:00
CentOS 5 : httpd (CESA-2009:1075)
2010-01-06 00:00:00
httpd
httpd
Apache Httpd < 2.2.12 : AllowOverride Options handling bypass
2009-03-09 00:00:00
seebug
seebug
Apache HTTP Server AllowOverride้้กน็ป่ฟๅฎๅ
จ้ๅถๆผๆด
2009-06-22 00:00:00
veracode
veracode
Privilege Escalation
2020-04-10 00:33:35
cve
cve
CVE-2009-1195
2009-05-28 20:30:00
debian
debian
[SECURITY] [DSA 1816-1] New apache2 packages fix privilege escalation
2009-06-16 19:56:30
prion
prion
Design/Logic Flaw
2009-05-28 20:30:00
securityvulns
securityvulns
Apache protection bypass
2009-06-01 00:00:00
[ MDVSA-2009:124 ] apache
2009-06-01 00:00:00
ubuntucve
ubuntucve
CVE-2009-1195
2009-05-28 00:00:00
centos
centos
httpd, mod_ssl security update
2009-05-28 17:08:08
oraclelinux
oraclelinux
httpd security update
2009-05-27 00:00:00
redhat
redhat
(RHSA-2009:1075) Moderate: httpd security update
2009-05-27 00:00:00
(RHSA-2009:1156) Important: httpd security update
2009-07-14 00:00:00
(RHSA-2009:1155) Important: httpd security update
2009-07-14 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: httpd-2.2.13-1.fc11
2009-08-31 23:39:38
gentoo
gentoo
Apache: Multiple vulnerabilities
2009-07-12 00:00:00
ubuntu
ubuntu
Apache vulnerabilities
2009-06-11 00:00:00
suse
suse
potential code execution in apache2,libapr1
2009-10-26 13:21:56
slackware
slackware
httpd
2009-08-02 15:33:03
freebsd
freebsd
apache22 -- several vulnerabilities
2009-07-28 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.12-alt1
2009-07-30 00:00:00
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
41.0%
Related for DEBIANCVE:CVE-2009-1195