Apache 'Options' And 'AllowOverride' Directives Security Bypass Vulnerability Network Vulnerability

Summary

Apache HTTP server is prone to a security-bypass vulnerability related to the handling of specific configuration directives. A local attacker may exploit this issue to execute arbitrary code within the context of the webserver process. This may result in elevated privileges or aid in further attacks. Versions prior to Apache 2.2.9 are vulnerable.

Solution

Updates are available. Please see http://httpd.apache.org/ for more Information.

References

http://www.securityfocus.com/bid/35115

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1195
CVSS Base Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

Related Vulnerabilities

F*EX (Frams's Fast File EXchange) Multiple XSS Vulnerabilities
Arbor Networks Peakflow SP 'index/' Cross Site Scripting Vulnerability
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability
Authentication bypassing in Lotus Domino
Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability

Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability

Take action and discover your vulnerabilities