Vulnerability details: VCID-u7ab-vxf1-aaak
Vulnerability ID VCID-u7ab-vxf1-aaak
Aliases CVE-2009-1195
Summary The Apache HTTP Server 2.2.11 and earlier 2.2 versions do not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2009:1075
rhas Important https://access.redhat.com/errata/RHSA-2009:1155
rhas Important https://access.redhat.com/errata/RHSA-2009:1156
rhas Important https://access.redhat.com/errata/RHSA-2009:1160
epss 0.00101 https://api.first.org/data/v1/epss?cve=CVE-2009-1195
epss 0.0012 https://api.first.org/data/v1/epss?cve=CVE-2009-1195
epss 0.00171 https://api.first.org/data/v1/epss?cve=CVE-2009-1195
epss 0.00216 https://api.first.org/data/v1/epss?cve=CVE-2009-1195
epss 0.00245 https://api.first.org/data/v1/epss?cve=CVE-2009-1195
apache_httpd low https://httpd.apache.org/security/json/CVE-2009-1195.json
cvssv2 4.9 https://nvd.nist.gov/vuln/detail/CVE-2009-1195
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html
http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://osvdb.org/54733
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1195.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1195
https://bugzilla.redhat.com/show_bug.cgi?id=489436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
http://secunia.com/advisories/35261
http://secunia.com/advisories/35264
http://secunia.com/advisories/35395
http://secunia.com/advisories/35453
http://secunia.com/advisories/35721
http://secunia.com/advisories/37152
http://security.gentoo.org/glsa/glsa-200907-04.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/50808
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704
http://support.apple.com/kb/HT3937
http://svn.apache.org/viewvc?view=rev&revision=772997
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html
http://wiki.rpath.com/Advisories:rPSA-2009-0142
http://www.debian.org/security/2009/dsa-1816
http://www.mandriva.com/security/advisories?name=MDVSA-2009:124
http://www.redhat.com/support/errata/RHSA-2009-1075.html
http://www.redhat.com/support/errata/RHSA-2009-1156.html
http://www.securityfocus.com/archive/1/507852/100/0/threaded
http://www.securityfocus.com/archive/1/507857/100/0/threaded
http://www.securityfocus.com/bid/35115
http://www.securitytracker.com/id?1022296
http://www.ubuntu.com/usn/usn-787-1
http://www.vupen.com/english/advisories/2009/1444
http://www.vupen.com/english/advisories/2009/3184
530834 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530834
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.2:*:windows:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.3:*:windows:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
CVE-2009-1195 https://httpd.apache.org/security/json/CVE-2009-1195.json
CVE-2009-1195 https://nvd.nist.gov/vuln/detail/CVE-2009-1195
GLSA-200907-04 https://security.gentoo.org/glsa/200907-04
RHSA-2009:1075 https://access.redhat.com/errata/RHSA-2009:1075
RHSA-2009:1155 https://access.redhat.com/errata/RHSA-2009:1155
RHSA-2009:1156 https://access.redhat.com/errata/RHSA-2009:1156
RHSA-2009:1160 https://access.redhat.com/errata/RHSA-2009:1160
USN-787-1 https://usn.ubuntu.com/787-1/
No exploits are available.
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1195
Exploit Prediction Scoring System (EPSS)
Percentile 0.42540
EPSS Score 0.00101
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.