Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache HTTP Server Configuration Vulnerability - CVE-2009-1195 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Configuration Vulnerability - CVE-2009-1195

Medium
Reference: CVE-2009-1195
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-1195
Title: Apache HTTP Server Configuration Vulnerability
Overview:

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle OptionsIncludesNOEXEC in the AllowOverride directive which allows local users to gain privileges by configuring (1) Options Includes (2) Options Includes or (3) Options IncludesNOEXEC in a .htaccess file and then inserting an exec element in a .shtml file.