CVE
- Id
- 38630
- CVE No.
- CVE-2009-1195
- Status
- Candidate
- Description
- The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
- Phase
- Assigned (20090331)
- Votes
- None (candidate not yet proposed)
- Comments
Related CVE References
| Id | CVE Id | CVE No. | Reference | Actions |
|---|---|---|---|---|
| 423025 | 38630 | CVE-2009-1195 | BUGTRAQ:20091112 rPSA-2009-0142-1 httpd mod_ssl | View |
| 423026 | 38630 | CVE-2009-1195 | URL:http://www.securityfocus.com/archive/1/archive/1/507852/100/0/threaded | View |
| 423027 | 38630 | CVE-2009-1195 | BUGTRAQ:20091113 rPSA-2009-0142-2 httpd mod_ssl | View |
| 423028 | 38630 | CVE-2009-1195 | URL:http://www.securityfocus.com/archive/1/archive/1/507857/100/0/threaded | View |
| 423029 | 38630 | CVE-2009-1195 | MLIST:[apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed | View |
| 423030 | 38630 | CVE-2009-1195 | URL:http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2 | View |
| 423031 | 38630 | CVE-2009-1195 | CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=772997 | View |
| 423032 | 38630 | CVE-2009-1195 | CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=489436 | View |
| 423033 | 38630 | CVE-2009-1195 | CONFIRM:http://support.apple.com/kb/HT3937 | View |
| 423034 | 38630 | CVE-2009-1195 | CONFIRM:http://wiki.rpath.com/Advisories:rPSA-2009-0142 | View |
| 423035 | 38630 | CVE-2009-1195 | APPLE:APPLE-SA-2009-11-09-1 | View |
| 423036 | 38630 | CVE-2009-1195 | URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html | View |
| 423037 | 38630 | CVE-2009-1195 | DEBIAN:DSA-1816 | View |
| 423038 | 38630 | CVE-2009-1195 | URL:http://www.debian.org/security/2009/dsa-1816 | View |
| 423039 | 38630 | CVE-2009-1195 | FEDORA:FEDORA-2009-8812 | View |
| 423040 | 38630 | CVE-2009-1195 | URL:https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html | View |
| 423041 | 38630 | CVE-2009-1195 | GENTOO:GLSA-200907-04 | View |
| 423042 | 38630 | CVE-2009-1195 | URL:http://security.gentoo.org/glsa/glsa-200907-04.xml | View |
| 423043 | 38630 | CVE-2009-1195 | HP:HPSBUX02612 | View |
| 423044 | 38630 | CVE-2009-1195 | URL:http://marc.info/?l=bugtraq&m=129190899612998&w=2 | View |
| 423045 | 38630 | CVE-2009-1195 | HP:SSRT100345 | View |
| 423046 | 38630 | CVE-2009-1195 | URL:http://marc.info/?l=bugtraq&m=129190899612998&w=2 | View |
| 423047 | 38630 | CVE-2009-1195 | MANDRIVA:MDVSA-2009:124 | View |
| 423048 | 38630 | CVE-2009-1195 | URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 | View |
| 423049 | 38630 | CVE-2009-1195 | REDHAT:RHSA-2009:1075 | View |
| 423050 | 38630 | CVE-2009-1195 | URL:http://www.redhat.com/support/errata/RHSA-2009-1075.html | View |
| 423051 | 38630 | CVE-2009-1195 | REDHAT:RHSA-2009:1156 | View |
| 423052 | 38630 | CVE-2009-1195 | URL:http://www.redhat.com/support/errata/RHSA-2009-1156.html | View |
| 423053 | 38630 | CVE-2009-1195 | SUSE:SUSE-SA:2009:050 | View |
| 423054 | 38630 | CVE-2009-1195 | URL:http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html | View |
| 423055 | 38630 | CVE-2009-1195 | UBUNTU:USN-787-1 | View |
| 423056 | 38630 | CVE-2009-1195 | URL:http://www.ubuntu.com/usn/usn-787-1 | View |
| 423057 | 38630 | CVE-2009-1195 | BID:35115 | View |
| 423058 | 38630 | CVE-2009-1195 | URL:http://www.securityfocus.com/bid/35115 | View |
| 423059 | 38630 | CVE-2009-1195 | OSVDB:54733 | View |
| 423060 | 38630 | CVE-2009-1195 | URL:http://osvdb.org/54733 | View |
| 423061 | 38630 | CVE-2009-1195 | OVAL:oval:org.mitre.oval:def:11094 | View |
| 423062 | 38630 | CVE-2009-1195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11094 | View |
| 423063 | 38630 | CVE-2009-1195 | OVAL:oval:org.mitre.oval:def:8704 | View |
| 423064 | 38630 | CVE-2009-1195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8704 | View |
| 423065 | 38630 | CVE-2009-1195 | OVAL:oval:org.mitre.oval:def:12377 | View |
| 423066 | 38630 | CVE-2009-1195 | URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12377 | View |
| 423067 | 38630 | CVE-2009-1195 | SECTRACK:1022296 | View |
| 423068 | 38630 | CVE-2009-1195 | URL:http://www.securitytracker.com/id?1022296 | View |
| 423069 | 38630 | CVE-2009-1195 | SECUNIA:35261 | View |
| 423070 | 38630 | CVE-2009-1195 | URL:http://secunia.com/advisories/35261 | View |
| 423071 | 38630 | CVE-2009-1195 | SECUNIA:35264 | View |
| 423072 | 38630 | CVE-2009-1195 | URL:http://secunia.com/advisories/35264 | View |
| 423073 | 38630 | CVE-2009-1195 | SECUNIA:35453 | View |
| 423074 | 38630 | CVE-2009-1195 | URL:http://secunia.com/advisories/35453 | View |
| 423075 | 38630 | CVE-2009-1195 | SECUNIA:35395 | View |
| 423076 | 38630 | CVE-2009-1195 | URL:http://secunia.com/advisories/35395 | View |
| 423077 | 38630 | CVE-2009-1195 | SECUNIA:35721 | View |
| 423078 | 38630 | CVE-2009-1195 | URL:http://secunia.com/advisories/35721 | View |
| 423079 | 38630 | CVE-2009-1195 | SECUNIA:37152 | View |
| 423080 | 38630 | CVE-2009-1195 | URL:http://secunia.com/advisories/37152 | View |
| 423081 | 38630 | CVE-2009-1195 | VUPEN:ADV-2009-1444 | View |
| 423082 | 38630 | CVE-2009-1195 | URL:http://www.vupen.com/english/advisories/2009/1444 | View |
| 423083 | 38630 | CVE-2009-1195 | VUPEN:ADV-2009-3184 | View |
| 423084 | 38630 | CVE-2009-1195 | URL:http://www.vupen.com/english/advisories/2009/3184 | View |
| 423085 | 38630 | CVE-2009-1195 | XF:apache-allowoverrides-security-bypass(50808) | View |
