Test Kennung:	1.3.6.1.4.1.25623.1.0.100211
Kategorie:	Web Servers
Titel:	Apache HTTP Server 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability
Zusammenfassung:	Apache HTTP Server is prone to a security bypass vulnerability; related to the handling of specific configuration directives.
Beschreibung:	Summary: Apache HTTP Server is prone to a security bypass vulnerability related to the handling of specific configuration directives. Vulnerability Impact: A local attacker may exploit this issue to execute arbitrary code within the context of the webserver process. This may result in elevated privileges or aid in further attacks. Affected Software/OS: Versions prior to Apache HTTP Server 2.2.9 are vulnerable. Solution: Update to version 2.2.9 or later. CVSS Score: 4.9 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1195 1022296 http://www.securitytracker.com/id?1022296 20091112 rPSA-2009-0142-1 httpd mod_ssl http://www.securityfocus.com/archive/1/507852/100/0/threaded 20091113 rPSA-2009-0142-2 httpd mod_ssl http://www.securityfocus.com/archive/1/507857/100/0/threaded 35115 http://www.securityfocus.com/bid/35115 35261 http://secunia.com/advisories/35261 35264 http://secunia.com/advisories/35264 35395 http://secunia.com/advisories/35395 35453 http://secunia.com/advisories/35453 35721 http://secunia.com/advisories/35721 37152 http://secunia.com/advisories/37152 54733 http://osvdb.org/54733 ADV-2009-1444 http://www.vupen.com/english/advisories/2009/1444 ADV-2009-3184 http://www.vupen.com/english/advisories/2009/3184 APPLE-SA-2009-11-09-1 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html DSA-1816 http://www.debian.org/security/2009/dsa-1816 FEDORA-2009-8812 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html GLSA-200907-04 http://security.gentoo.org/glsa/glsa-200907-04.xml HPSBUX02612 http://marc.info/?l=bugtraq&m=129190899612998&w=2 MDVSA-2009:124 http://www.mandriva.com/security/advisories?name=MDVSA-2009:124 RHSA-2009:1075 http://www.redhat.com/support/errata/RHSA-2009-1075.html RHSA-2009:1156 http://www.redhat.com/support/errata/RHSA-2009-1156.html SSRT100345 SUSE-SA:2009:050 http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html USN-787-1 http://www.ubuntu.com/usn/usn-787-1 [apache-httpd-dev] 20090423 Includes vs IncludesNoExec security issue - help needed http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2 [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E apache-allowoverrides-security-bypass(50808) https://exchange.xforce.ibmcloud.com/vulnerabilities/50808 http://support.apple.com/kb/HT3937 http://svn.apache.org/viewvc?view=rev&revision=772997 http://wiki.rpath.com/Advisories:rPSA-2009-0142 https://bugzilla.redhat.com/show_bug.cgi?id=489436 oval:org.mitre.oval:def:11094 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094 oval:org.mitre.oval:def:12377 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377 oval:org.mitre.oval:def:8704 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704
Copyright	Copyright (C) 2009 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.