Computer Security
[EN] securityvulns.ru no-pyccku


Apache protection bypass
Published:01.06.2009
Source:
SecurityVulns ID:9951
Type:local
Threat Level:
4/10
Description:Invalid IncludesNOEXEC option processing allows code execution via included .shtml files.
Affected:APACHE : Apache 2.2
CVE:CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.)
Original documentdocumentMANDRIVA, [ MDVSA-2009:124 ] apache (01.06.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod