Description
The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Remediation
References
Related Vulnerabilities
WordPress 4.0.x Arbitrary File Deletion Vulnerability (4.0 - 4.0.23)
Oracle Database Server Other Vulnerability (CVE-2006-3700)
MySQL CVE-2022-21313 Vulnerability (CVE-2022-21313)
WordPress Plugin Facebook, Twitter & Google+ Social Widgets Multiple Vulnerabilities (1.3.7)
Internet Information Services Other Vulnerability (CVE-2000-0025)