SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572)

This update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess. CVE-2009-1195 - modproxy could run into an infinite loop when used as reverse proxy. CVE-2009-1890 - moddeflate continued to compress large files even after a network...

SuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)

This update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess. CVE-2009-1195 - modproxy could run into an infinite loop when used as reverse proxy. CVE-2009-1890 - moddeflate continued to compress large files even after a network...

SuSE 11 Security Update : Apache 2 (SAT Patch Number 1417)

This update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess. CVE-2009-1195 - modproxy could run into an infinite loop when used as reverse proxy. CVE-2009-1890 - moddeflate continued to compress large files even after a network...

FreeBSD Ports: apache

The remote host is missing an update to the system as announced in the referenced advisory. VID e15f2356-9139-11de-8f42-001aa0166822 OpenVAS Vulnerability Test $ Description: Auto generated from VID e15f2356-9139-11de-8f42-001aa0166822 Authors: Thomas Reinke Copyright: Copyright c 2009 E-Soft Inc...

Apache HTTP Server AllowOverride选项绕过安全限制漏洞

BUGTRAQ ID: 35115 CVECAN ID: CVE-2009-1195 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server没有正确地处理AllowOverride指令中的Options=IncludesNOEXEC选项，本地用户可以通过在.htaccess文件中配置1 Options Includes、2 Options +Includes或3 Options +IncludesNOEXEC并在.shtml文件中注入exec元素导致绕过安全限制获得权限。 Apache 2.2.x 厂商补丁： Apache Group...

CVE-2009-1195

CVE-2009-1195 affects the Apache HTTP Server 2.2.x line (2.2.11 and earlier). The issue arises from improper handling of the Options=IncludesNOEXEC in the AllowOverride directive, enabling local users to configure .htaccess files to enable script execution via (1) Options Includes, (2) Options +I...

httpd: AllowOverride Options=IncludesNoExec allows Options Includes

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring 1 Options Includes, 2 Options +Includes, or 3 Options +IncludesNOEXEC in a .htaccess file, and then...