Summary
Apache HTTP server is prone to a security-bypass vulnerability related to the handling of specific configuration directives.
A local attacker may exploit this issue to execute arbitrary code within the context of the webserver process. This may result in elevated privileges or aid in further attacks.
Versions prior to Apache 2.2.9 are vulnerable.
Solution
Updates are available. Please see http://httpd.apache.org/ for more Information.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-1195 -
CVSS Base Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities
- JServ Cross Site Scripting
- Ecava IntegraXor Multiple Cross-Site Scripting Vulnerabilities (Windows)
- HTTP File Server Security Bypass and Denial of Service Vulnerabilities