WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Configuration Vulnerability (CVE-2009-1195)

Description

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

Remediation

References

Related Vulnerabilities

PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-5814)

YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111)

WordPress Plugin 3D Cover Carousel Cross-Site Scripting (1.0)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-2266)

Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13587)

Severity

Medium

Classification

Tags

Missing Update Known Vulnerabilities