Configuration
CVE-2009-1195
Summary
The Apache HTTP Server versions 2.2.x prior to 2.2.12 do not properly handle "Options=IncludesNOEXEC" in the "AllowOverride" directive, which allows local users to gain privileges by configuring (1) "Options Includes", (2) "Options +Includes", or (3) "Options +IncludesNOEXEC" in a ".htaccess" file, and then inserting an "exec" element in a ".shtml" file.
- LOW
- LOCAL
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-16 - Configuration
Weaknesses in this category are typically introduced during the configuration of the software.
Advisory Timeline
- Published
