CVE-2009-1195


The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.


CVSS 2.0 Base Score 4.9. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C).

Overview

First reported: 2009-05-28 20:30:00

Last updated: 2018-10-30 16:25:00

Affected Software

Apache Software Foundation Apache HTTP Server

Apache Software Foundation Apache HTTP Server 2.2

Apache Software Foundation Apache HTTP Server 2.2.0

Apache Software Foundation Apache HTTP Server 2.2.1

Apache Software Foundation Apache HTTP Server 2.2.2

Apache Software Foundation Apache HTTP Server 2.2.3

Apache Software Foundation Apache HTTP Server 2.2.4

Apache Software Foundation Apache HTTP Server 2.2.6

Apache Software Foundation Apache HTTP Server 2.2.8

Apache Software Foundation Apache HTTP Server 2.2.9

Apache Software Foundation Apache HTTP Server 2.2.10

References

APPLE-SA-2009-11-09-1

SUSE-SA:2009:050

[apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed

HPSBUX02612

54733

35261

35264

Vendor Advisory

35395

35453

35721

37152

GLSA-200907-04

http://support.apple.com/kb/HT3937

http://svn.apache.org/viewvc?view=rev&revision=772997

Exploit, Patch, Vendor Advisory

http://wiki.rpath.com/Advisories:rPSA-2009-0142

DSA-1816

MDVSA-2009:124

RHSA-2009:1075

RHSA-2009:1156

20091112 rPSA-2009-0142-1 httpd mod_ssl

20091113 rPSA-2009-0142-2 httpd mod_ssl

35115

1022296

USN-787-1

ADV-2009-1444

ADV-2009-3184

https://bugzilla.redhat.com/show_bug.cgi?id=489436

Exploit, Patch

apache-allowoverrides-security-bypass(50808)

[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

oval:org.mitre.oval:def:11094

oval:org.mitre.oval:def:12377

oval:org.mitre.oval:def:8704

FEDORA-2009-8812

[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html

[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
