Vulnerabilities > CVE-2009-1195 - Configuration vulnerability in Apache Http Server

047910
CVSS 4.9 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
COMPLETE
local
low complexity
apache
CWE-16
nessus

Summary

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

Vulnerable Configurations

Part Description Count
Application
Apache
126

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_SECUPD2009-006.NASL
    descriptionThe remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42433
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42433
    titleMac OS X Multiple Vulnerabilities (Security Update 2009-006)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    
    if (!defined_func("bn_random")) exit(0);
    if (NASL_LEVEL < 3000) exit(0);
    
    
    include("compat.inc");
    
    
    if (description)
    {
      script_id(42433);
      script_version("1.27");
    
      script_cve_id(
        "CVE-2007-5707",
        "CVE-2007-6698",
        "CVE-2008-0658",
        "CVE-2008-5161",
        "CVE-2009-0023",
        "CVE-2009-1191",
        "CVE-2009-1195",
        "CVE-2009-1574",
        "CVE-2009-1632",
        "CVE-2009-1890",
        "CVE-2009-1891",
        "CVE-2009-1955",
        "CVE-2009-1956",
        "CVE-2009-2408",
        "CVE-2009-2409",
        "CVE-2009-2411",
        "CVE-2009-2412",
        "CVE-2009-2414",
        "CVE-2009-2416",
        "CVE-2009-2666",
        "CVE-2009-2808",
        "CVE-2009-2818",
        "CVE-2009-2819",
        "CVE-2009-2820",
        "CVE-2009-2823",
        "CVE-2009-2824",
        "CVE-2009-2825",
        "CVE-2009-2826",
        "CVE-2009-2827",
        "CVE-2009-2828",
        "CVE-2009-2829",
        "CVE-2009-2831",
        "CVE-2009-2832",
        "CVE-2009-2833",
        "CVE-2009-2834",
        "CVE-2009-2837",
        "CVE-2009-2838",
        "CVE-2009-2839",
        "CVE-2009-2840",
        "CVE-2009-3111",
        "CVE-2009-3291",
        "CVE-2009-3292",
        "CVE-2009-3293"
      );
      script_bugtraq_id(
        26245,
        27778,
        34663,
        35115,
        35221,
        35251,
        35565,
        35623,
        35888,
        35983,
        36263,
        36449,
        36959,
        36961,
        36962,
        36963,
        36964,
        36966,
        36967,
        36972,
        36973,
        36975,
        36977,
        36978,
        36979,
        36982,
        36985,
        36988,
        36990
      );
    
      script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)");
      script_summary(english:"Check for the presence of Security Update 2009-006");
    
      script_set_attribute(
        attribute:"synopsis",
        value:
    "The remote host is missing a Mac OS X update that fixes various
    security issues."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is running a version of Mac OS X 10.5 that does not
    have Security Update 2009-006 applied.
    
    This security update contains fixes for the following products :
    
      - AFP Client
      - Adaptive Firewall
      - Apache
      - Apache Portable Runtime
      - ATS
      - Certificate Assistant
      - CoreGraphics
      - CUPS
      - Dictionary
      - DirectoryService
      - Disk Images
      - Event Monitor
      - fetchmail
      - FTP Server
      - Help Viewer
      - International Components for Unicode
      - IOKit
      - IPSec
      - libsecurity
      - libxml
      - OpenLDAP
      - OpenSSH
      - PHP
      - QuickDraw Manager
      - QuickLook
      - FreeRADIUS
      - Screen Sharing
      - Spotlight
      - Subversion"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://support.apple.com/kb/HT3937"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
      );
      script_set_attribute(
        attribute:"see_also", 
        value:"http://www.securityfocus.com/advisories/18255"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Install Security Update 2009-006 or later."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399);
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09");
      script_cvs_date("Date: 2018/07/16 12:48:31");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/MacOSX/packages", "Host/uname");
    
      exit(0);
    }
    
    
    uname = get_kb_item("Host/uname");
    if (!uname) exit(1, "The 'Host/uname' KB item is missing.");
    
    pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$";
    if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+").");
    
    darwin = ereg_replace(pattern:pat, replace:"\1", string:uname);
    if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin))
    {
      packages = get_kb_item("Host/MacOSX/packages/boms");
      if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing.");
    
      if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages))
        exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected.");
      else
        security_hole(0);
    }
    else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");
    
  • NASL familyWeb Servers
    NASL idWEBSPHERE_7_0_0_5.NASL
    descriptionIBM WebSphere Application Server 7.0 before Fix Pack 5 appears to be running on the remote host. As such, it is reportedly affected by multiple vulnerabilities : - Non-standard HTTP methods are allowed. (PK73246) - If the admin console is directly accessed from HTTP, the console fails to redirect the connection to a secure login page. (PK77010) - An error in Single Sign-on (SSO) with SPNEGO implementation could allow a remote attacker to bypass security restrictions. (PK77465) -
    last seen2020-06-01
    modified2020-06-02
    plugin id40823
    published2009-08-31
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40823
    titleIBM WebSphere Application Server 7.0 < Fix Pack 5
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40823);
      script_version("1.13");
      script_cvs_date("Date: 2018/08/06 14:03:16");
    
      script_cve_id(
        "CVE-2009-0899", 
        "CVE-2009-1195", 
        "CVE-2009-1898",
        "CVE-2009-1899",
        "CVE-2009-1900",
        "CVE-2009-1901",
        "CVE-2009-2085",
        "CVE-2009-2087",
        "CVE-2009-2088",
        "CVE-2009-2089", 
        "CVE-2009-0899", 
        "CVE-2009-2090",
        "CVE-2009-2091",
        "CVE-2009-2092"
      );
      script_bugtraq_id(36153, 36154, 36155, 36156, 36157, 36158, 36163);
    
      script_name(english:"IBM WebSphere Application Server 7.0 < Fix Pack 5");
      script_summary(english:"Reads the version number from the SOAP port");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote application server is affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "IBM WebSphere Application Server 7.0 before Fix Pack 5 appears to be
    running on the remote host.  As such, it is reportedly affected by
    multiple vulnerabilities :
    
      - Non-standard HTTP methods are allowed. (PK73246)
    
      - If the admin console is directly accessed from HTTP,
        the console fails to redirect the connection to a
        secure login page. (PK77010)
    
      - An error in Single Sign-on (SSO) with SPNEGO 
        implementation could allow a remote attacker
        to bypass security restrictions. (PK77465)
    
      - 'wsadmin' is affected by a security exposure. 
        (PK77495)  
    
      - Security flag 'isSecurityEnabled' is incorrectly set
        after migrating from VMM. (PK78134)
    
      - Use of insecure password obfuscation algorithm by Web
        services could result in weaker than expected security
        provided the client module specifies a password in 
        ibm-webservicesclient-bind.xmi and target environment 
        has custom password encryption enabled. (PK79275)
    
      - After upgrading from WebSphere Application Server V6.1 
        to V7.0 with tracing enabled, an attacker may be able
        view sensitive information by viewing the trace files.
        (PK80337)  
    
      - If CSIv2 Security is configured with Identity 
        Assertion, it may be possible for a remote
        attacker to bypass security restrictions. (PK83097)
    
      - New applications deployed in WebSphere Application 
        Server for z/OS prior to 1.8 are saved on the file
        system with insecure privileges resulting in
        disclosure of sensitive information. (PK83308)
    
      - Configservice APIs could display sensitive information.
        (PK84999)
    
      - Vulnerabilities in Apache HTTP server could allow a
        local user to gain elevated privileges. (PK86232)
    
      - A error in 'wsadmin' could allow a remote attacker
        to bypass security restrictions. (PK86328)
       
      - A vulnerability in portlet serving enable parameter
        could allow an attacker to bypass security restrictions
        and gain unauthorized access to the application. 
        (PK89385)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7005");
      script_set_attribute(attribute:"solution", value:"Apply Fix Pack 5 (7.0.0.5) or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(16, 200, 255, 264, 287);
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/07/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/31");
     
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_application_server");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Web Servers");
    
      script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_detect.nasl");
      script_require_ports("Services/www", 8880, 8881);
      script_require_keys("www/WebSphere");
    
      exit(0);
    }
    
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    
    port = get_http_port(default:8880);
    
    
    version = get_kb_item("www/WebSphere/"+port+"/version");
    if (isnull(version)) exit(1, "Failed to extract the version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    if (version =~ "^[0-9]+(\.[0-9]+)?$")
      exit(1, "Failed to extract a granular version from the IBM WebSphere Application Server instance listening on port " + port + ".");
    
    ver = split(version, sep:'.', keep:FALSE);
    for (i=0; i<max_index(ver); i++)
      ver[i] = int(ver[i]);
    
    if (ver[0] == 7 && ver[1] == 0 && ver[2] == 0 && ver[3] < 5)
    {
      if (report_verbosity > 0)
      {
        source = get_kb_item_or_exit("www/WebSphere/"+port+"/source");
    
        report = 
          '\n  Source            : ' + source + 
          '\n  Installed version : ' + version +
          '\n  Fixed version     : 7.0.0.5' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
      exit(0);
    }
    else exit(0, "The WebSphere Application Server "+version+" instance listening on port "+port+" is not affected.");
    
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2009-1075.NASL
    descriptionFrom Red Hat Security Advisory 2009:1075 : Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version. A flaw was found in the handling of the
    last seen2020-06-01
    modified2020-06-02
    plugin id67866
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/67866
    titleOracle Linux 5 : httpd (ELSA-2009-1075)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2009:1075 and 
    # Oracle Linux Security Advisory ELSA-2009-1075 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(67866);
      script_version("1.9");
      script_cvs_date("Date: 2019/10/25 13:36:08");
    
      script_cve_id("CVE-2008-1678", "CVE-2009-1195");
      script_bugtraq_id(31692);
      script_xref(name:"RHSA", value:"2009:1075");
    
      script_name(english:"Oracle Linux 5 : httpd (ELSA-2009-1075)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2009:1075 :
    
    Updated httpd packages that fix two security issues are now available
    for Red Hat Enterprise Linux 5.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    The Apache HTTP Server is a popular and freely-available Web server.
    
    A flaw was found in the handling of compression structures between
    mod_ssl and OpenSSL. If too many connections were opened in a short
    period of time, all system memory and swap space would be consumed by
    httpd, negatively impacting other processes, or causing a system
    crash. (CVE-2008-1678)
    
    Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux
    5 prior to 5.3. The problem was introduced via the RHBA-2009:0181
    errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the
    newer 0.9.8e version.
    
    A flaw was found in the handling of the 'Options' and 'AllowOverride'
    directives. In configurations using the 'AllowOverride' directive with
    certain 'Options=' arguments, local users were not restricted from
    executing commands from a Server-Side-Include script as intended.
    (CVE-2009-1195)
    
    All httpd users should upgrade to these updated packages, which
    contain backported patches to resolve these issues. Users must restart
    httpd for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2009-May/001022.html"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected httpd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(16, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:httpd-manual");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:mod_ssl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2008/07/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2009/05/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"httpd-2.2.3-22.0.1.el5_3.1")) flag++;
    if (rpm_check(release:"EL5", reference:"httpd-devel-2.2.3-22.0.1.el5_3.1")) flag++;
    if (rpm_check(release:"EL5", reference:"httpd-manual-2.2.3-22.0.1.el5_3.1")) flag++;
    if (rpm_check(release:"EL5", reference:"mod_ssl-2.2.3-22.0.1.el5_3.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "httpd / httpd-devel / httpd-manual / mod_ssl");
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-787-1.NASL
    descriptionMatthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023) Sander de Boer discovered that mod_proxy_ajp would reuse connections when a client closed a connection without sending a request body. A remote attacker could exploit this to obtain sensitive response data. This issue only affected Ubuntu 9.04. (CVE-2009-1191) Jonathan Peatfield discovered that Apache did not process Includes options correctly. With certain configurations of Options and AllowOverride, a local attacker could use an .htaccess file to override intended restrictions and execute arbitrary code via a Server-Side-Include file. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1195) It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-1955) C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure leak. All other architectures for Ubuntu are not considered to be at risk. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-1956). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id39371
    published2009-06-12
    reporterUbuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39371
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 vulnerabilities (USN-787-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVA-2009-095.NASL
    descriptionThe CVE-2009-1195 patch broke the mod_perl build. Patches from upstream svn has been applied to this update that fixes the issue.
    last seen2019-02-21
    modified2018-07-19
    plugin id39357
    published2009-06-11
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=39357
    titleMDVA-2009:095 : apache
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E15F2356913911DE8F42001AA0166822.NASL
    descriptionApache ChangeLog reports : CVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules. CVE-2009-1195: Prevent the
    last seen2020-06-01
    modified2020-06-02
    plugin id40760
    published2009-08-25
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40760
    titleFreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_0_APACHE2-091020.NASL
    descriptionThis update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)
    last seen2020-06-01
    modified2020-06-02
    plugin id42245
    published2009-10-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42245
    titleopenSUSE Security Update : apache2 (apache2-1419)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_10_6_2.NASL
    descriptionThe remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
    last seen2020-06-01
    modified2020-06-02
    plugin id42434
    published2009-11-09
    reporterThis script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/42434
    titleMac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2009-1075.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version. A flaw was found in the handling of the
    last seen2020-06-01
    modified2020-06-02
    plugin id38945
    published2009-05-28
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/38945
    titleRHEL 5 : httpd (RHSA-2009:1075)
  • NASL familyWeb Servers
    NASL idAPACHE_2_2_12.NASL
    descriptionAccording to its banner, the version of Apache 2.2.x. running on the remote host is prior to 2.2.12. It is, therefore, affected by the following vulnerabilities : - A heap-based buffer underwrite flaw exists in the function
    last seen2020-04-30
    modified2009-08-02
    plugin id40467
    published2009-08-02
    reporterThis script is Copyright (C) 2009-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/40467
    titleApache 2.2.x < 2.2.12 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_APACHE2-091020.NASL
    descriptionThis update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess. (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)
    last seen2020-06-01
    modified2020-06-02
    plugin id42252
    published2009-10-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42252
    titleSuSE 11 Security Update : Apache 2 (SAT Patch Number 1417)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2009-8812.NASL
    descriptionThis update includes the latest release of the Apache HTTP Server, version 2.2.13, fixing several security issues: * Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. (CVE-2009-1891) * Prevent the
    last seen2020-06-01
    modified2020-06-02
    plugin id40833
    published2009-09-02
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40833
    titleFedora 11 : httpd-2.2.13-1.fc11 (2009-8812)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-124.NASL
    descriptionMultiple vulnerabilities has been found and corrected in apache : Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). This update provides fixes for these vulnerabilities. Update : The patch for fixing CVE-2009-1195 for Mandriva Linux 2008.1 was incomplete, this update addresses the problem.
    last seen2020-06-01
    modified2020-06-02
    plugin id39761
    published2009-06-01
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39761
    titleMandriva Linux Security Advisory : apache (MDVSA-2009:124-1)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2009-214-01.NASL
    descriptionNew httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id40459
    published2009-08-03
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/40459
    titleSlackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2009-323.NASL
    descriptionMultiple vulnerabilities has been found and corrected in apache : Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094). The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to these vulnerabilities.
    last seen2020-06-01
    modified2020-06-02
    plugin id43042
    published2009-12-08
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43042
    titleMandriva Linux Security Advisory : apache (MDVSA-2009:323)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-6572.NASL
    descriptionThis update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess. (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module. (CVE-2009-3095) Also a incompatibility between mod_cache and mod_rewrite was fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id49826
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49826
    titleSuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6572)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2009-1075.NASL
    descriptionUpdated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The Apache HTTP Server is a popular and freely-available Web server. A flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) Note: The CVE-2008-1678 issue did not affect Red Hat Enterprise Linux 5 prior to 5.3. The problem was introduced via the RHBA-2009:0181 errata in Red Hat Enterprise Linux 5.3, which upgraded OpenSSL to the newer 0.9.8e version. A flaw was found in the handling of the
    last seen2020-06-01
    modified2020-06-02
    plugin id43753
    published2010-01-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/43753
    titleCentOS 5 : httpd (CESA-2009:1075)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_APACHE2-091020.NASL
    descriptionThis update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)
    last seen2020-06-01
    modified2020-06-02
    plugin id42248
    published2009-10-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42248
    titleopenSUSE Security Update : apache2 (apache2-1419)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-6576.NASL
    descriptionThis update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module (CVE-2009-3095)
    last seen2020-06-01
    modified2020-06-02
    plugin id42319
    published2009-10-30
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42319
    titleopenSUSE 10 Security Update : apache2 (apache2-6576)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20090527_HTTPD_ON_SL5_X.NASL
    descriptionA flaw was found in the handling of compression structures between mod_ssl and OpenSSL. If too many connections were opened in a short period of time, all system memory and swap space would be consumed by httpd, negatively impacting other processes, or causing a system crash. (CVE-2008-1678) A flaw was found in the handling of the
    last seen2020-06-01
    modified2020-06-02
    plugin id60591
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60591
    titleScientific Linux Security Update : httpd on SL5.x i386/x86_64
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200907-04.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200907-04 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Apache HTTP server: Jonathan Peatfield reported that the
    last seen2020-06-01
    modified2020-06-02
    plugin id39775
    published2009-07-13
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39775
    titleGLSA-200907-04 : Apache: Multiple vulnerabilities
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-1816.NASL
    descriptionIt was discovered that the Apache web server did not properly handle the
    last seen2020-06-01
    modified2020-06-02
    plugin id39439
    published2009-06-18
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/39439
    titleDebian DSA-1816-1 : apache2 - insufficient security check
  • NASL familySuSE Local Security Checks
    NASL idSUSE_APACHE2-6571.NASL
    descriptionThis update of the Apache webserver fixes various security issues : - the option IncludesNOEXEC could be bypassed via .htaccess. (CVE-2009-1195) - mod_proxy could run into an infinite loop when used as reverse proxy. (CVE-2009-1890) - mod_deflate continued to compress large files even after a network connection was closed, causing mod_deflate to consume large amounts of CPU. (CVE-2009-1891) - The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command. (CVE-2009-3094) - access restriction bypass in mod_proxy_ftp module. (CVE-2009-3095) Also a incompatibility between mod_cache and mod_rewrite was fixed.
    last seen2020-06-01
    modified2020-06-02
    plugin id42253
    published2009-10-26
    reporterThis script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/42253
    titleSuSE 10 Security Update : Apache 2 (ZYPP Patch Number 6571)

Oval

  • accepted2013-04-29T04:11:29.205-04:00
    classvulnerability
    contributors
    • nameAharon Chernin
      organizationSCAP.com, LLC
    • nameDragos Prisaca
      organizationG2, Inc.
    definition_extensions
    • commentThe operating system installed on the system is Red Hat Enterprise Linux 5
      ovaloval:org.mitre.oval:def:11414
    • commentThe operating system installed on the system is CentOS Linux 5.x
      ovaloval:org.mitre.oval:def:15802
    • commentOracle Linux 5.x
      ovaloval:org.mitre.oval:def:15459
    descriptionThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
    familyunix
    idoval:org.mitre.oval:def:11094
    statusaccepted
    submitted2010-07-09T03:56:16-04:00
    titleThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
    version18
  • accepted2015-04-20T04:00:23.007-04:00
    classvulnerability
    contributors
    • nameK, Balamurugan
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • nameSushant Kumar Singh
      organizationHewlett-Packard
    • namePrashant Kumar
      organizationHewlett-Packard
    • nameMike Cokus
      organizationThe MITRE Corporation
    descriptionThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
    familyunix
    idoval:org.mitre.oval:def:12377
    statusaccepted
    submitted2011-02-01T12:25:58.000-05:00
    titleHP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS)
    version49
  • accepted2014-07-14T04:01:31.517-04:00
    classvulnerability
    contributors
    • nameJ. Daniel Brown
      organizationDTCC
    • nameMike Lah
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    • nameMaria Mikhno
      organizationALTX-SOFT
    definition_extensions
    commentApache HTTP Server 2.2.x is installed on the system
    ovaloval:org.mitre.oval:def:8550
    descriptionThe Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
    familywindows
    idoval:org.mitre.oval:def:8704
    statusaccepted
    submitted2010-03-08T17:30:00.000-05:00
    titleApache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
    version11

Redhat

advisories
  • bugzilla
    id497077
    titlememory leak in httpd
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 5 is installed
        ovaloval:com.redhat.rhba:tst:20070331005
      • OR
        • AND
          • commenthttpd-manual is earlier than 0:2.2.3-22.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20091075001
          • commenthttpd-manual is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556004
        • AND
          • commenthttpd is earlier than 0:2.2.3-22.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20091075003
          • commenthttpd is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556002
        • AND
          • commentmod_ssl is earlier than 1:2.2.3-22.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20091075005
          • commentmod_ssl is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556008
        • AND
          • commenthttpd-devel is earlier than 0:2.2.3-22.el5_3.1
            ovaloval:com.redhat.rhsa:tst:20091075007
          • commenthttpd-devel is signed with Red Hat redhatrelease key
            ovaloval:com.redhat.rhsa:tst:20070556006
    rhsa
    idRHSA-2009:1075
    released2009-05-27
    severityModerate
    titleRHSA-2009:1075: httpd security update (Moderate)
  • rhsa
    idRHSA-2009:1156
rpms
  • httpd-0:2.2.3-22.el5_3.1
  • httpd-debuginfo-0:2.2.3-22.el5_3.1
  • httpd-devel-0:2.2.3-22.el5_3.1
  • httpd-manual-0:2.2.3-22.el5_3.1
  • mod_ssl-1:2.2.3-22.el5_3.1
  • httpd-0:2.2.10-10.ep5.el5
  • httpd-debuginfo-0:2.2.10-10.ep5.el5
  • httpd-devel-0:2.2.10-10.ep5.el5
  • httpd-manual-0:2.2.10-10.ep5.el5
  • mod_ssl-1:2.2.10-10.ep5.el5
  • httpd-0:2.2.11-3.el5s2
  • httpd-debuginfo-0:2.2.11-3.el5s2
  • httpd-devel-0:2.2.11-3.el5s2
  • httpd-manual-0:2.2.11-3.el5s2
  • mod_ssl-1:2.2.11-3.el5s2
  • httpd22-0:2.2.10-23.1.ep5.el4
  • httpd22-apr-0:2.2.10-23.1.ep5.el4
  • httpd22-apr-devel-0:2.2.10-23.1.ep5.el4
  • httpd22-apr-util-0:2.2.10-23.1.ep5.el4
  • httpd22-apr-util-devel-0:2.2.10-23.1.ep5.el4
  • httpd22-debuginfo-0:2.2.10-23.1.ep5.el4
  • httpd22-devel-0:2.2.10-23.1.ep5.el4
  • mod_ssl22-1:2.2.10-23.1.ep5.el4

Seebug

  • bulletinFamilyexploit
    descriptionBugraq ID: 35115 CVE ID:CVE-2009-1195 CNCVE ID:CNCVE-20091195 Apache是一款开放源代码的WEB服务程序。 Apache在处理&quot;.htaccess&quot;文件中的&quot;AllowOverride&quot;和部分&quot;options&quot;参数存在错误,可导致通过SSI执行命令。 如下的配置存在安全问题: a) 如果&quot;AllowOverride Options=IncludesNoEXEC&quot;配置在httpd.conf中,用户可以在.htaccess文件中设置&quot;Options Includes&quot;,SSI将会以exec=允许方式启用。 b)如果&quot;AllowOverride Options=IncludesNoEXEC&quot;配置在httpd.conf中,&quot;Options IncludesNoExec&quot;在相同&lt;Directory&gt;上下文启用,在.htaccess文件中设置&quot;Options +IncludesNoExec&quot;可导致SSI将会以exec=允许方式启用。 RedHat Enterprise Linux Desktop Workstation 5 client RedHat Enterprise Linux Desktop 5 client RedHat Enterprise Linux 5 server Apache Software Foundation Apache 2.2.8 Apache Software Foundation Apache 2.2.6 Apache Software Foundation Apache 2.2.5 Apache Software Foundation Apache 2.2.4 Apache Software Foundation Apache 2.2.3 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2.1 Apache Software Foundation Apache 2.2 厂商解决方案 可参考如下安全公告获得补丁信息: <a href="http://www.apache.org/dist/httpd/CHANGES_2.2" target="_blank" rel=external nofollow>http://www.apache.org/dist/httpd/CHANGES_2.2</a>
    idSSV:11501
    last seen2017-11-19
    modified2009-06-02
    published2009-06-02
    reporterRoot
    titleApache HTTP Server &quot;AllowOverride&quot;和&quot;Options&quot;安全绕过漏洞
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 35115 CVE(CAN) ID: CVE-2009-1195 Apache HTTP Server是一款流行的Web服务器。 Apache HTTP Server没有正确地处理AllowOverride指令中的Options=IncludesNOEXEC选项,本地用户可以通过在.htaccess文件中配置(1) Options Includes、(2) Options +Includes或(3) Options +IncludesNOEXEC并在.shtml文件中注入exec元素导致绕过安全限制获得权限。 Apache 2.2.x 厂商补丁: Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://svn.apache.org/viewvc?view=rev&amp;revision=652885" target="_blank" rel=external nofollow>http://svn.apache.org/viewvc?view=rev&amp;revision=652885</a> RedHat ------ RedHat已经为此发布了一个安全公告(RHSA-2009:1075-01)以及相应补丁: RHSA-2009:1075-01:Moderate: httpd security update 链接:<a href="https://www.redhat.com/support/errata/RHSA-2009-1075.html" target="_blank" rel=external nofollow>https://www.redhat.com/support/errata/RHSA-2009-1075.html</a>
    idSSV:11668
    last seen2017-11-19
    modified2009-06-22
    published2009-06-22
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-11668
    titleApache HTTP Server AllowOverride选项绕过安全限制漏洞

References