
Bug#530834: CVE-2009-1195: Apache HTTP Server AllowOverride Options Security Bypass



Package: apache2
Severity: serious
Tags: security patch


Hi,

Red Hat recently patched apache2.

CVE-2009-1195 is still reserved, but is disclosed in RHSA-2009-1075[1].

A security issue has been reported in Apache HTTP Server, which can be exploited
by malicious, local users to bypass certain security restrictions.

The security issue is caused due to an error when processing "AllowOverride"
directives and certain "Options" arguments in ".htaccess" files, which can be
exploited to e.g. execute commands via Server Side Includes.

If you fix the vulnerability, please also make sure to include the
CVE ID in your changelog entry.


[1] https://rhn.redhat.com/errata/RHSA-2009-1075.html

For further information see:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
https://bugzilla.redhat.com/show_bug.cgi?id=489436

Patch: http://svn.apache.org/viewvc?view=rev&revision=772997


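An added example, not part of the original report or of the Apache patch: a small Python audit that compares the Options a ".htaccess" file enables with what the server's "AllowOverride" line permits, which is the restriction the report says could be bypassed. The function names and the sample inputs in the usage comment are constructed for illustration.

```python
import re

OPTIONS_LINE = re.compile(r"options\s+(.*)", re.IGNORECASE)


def allowed_option_overrides(allow_override_args):
    """Return the Options a .htaccess may set under this AllowOverride line:
    "ANY" if unrestricted, otherwise a (possibly empty) set of lowercase names."""
    allowed = set()
    for arg in allow_override_args.split():
        low = arg.lower()
        if low in ("all", "options"):
            return "ANY"
        if low.startswith("options="):
            allowed.update(o for o in low[len("options="):].split(",") if o)
    return allowed


def htaccess_options(text):
    """Yield (line number, option) for every option a .htaccess turns on."""
    for lineno, line in enumerate(text.splitlines(), 1):
        match = OPTIONS_LINE.match(line.strip())
        if not match:
            continue  # comments and other directives
        for token in match.group(1).split():
            if not token.startswith("-"):  # "-Opt" switches an option off
                yield lineno, token.lstrip("+").lower()


def audit(allow_override_args, htaccess_text):
    """Return findings as (line number, option, reason) tuples."""
    allowed = allowed_option_overrides(allow_override_args)
    findings = []
    for lineno, opt in htaccess_options(htaccess_text):
        if allowed != "ANY" and opt not in allowed:
            findings.append((lineno, opt, "not permitted by AllowOverride"))
        elif opt == "includes":
            # Includes (unlike IncludesNOEXEC) lets SSI pages run commands.
            findings.append((lineno, opt, "SSI with exec enabled from .htaccess"))
    return findings


# Constructed sample: the admin allows only IncludesNOEXEC and Indexes,
# while the user's .htaccess asks for full Includes.
if __name__ == "__main__":
    print(audit("AuthConfig Options=IncludesNOEXEC,Indexes", "Options +Includes\n"))
```

Any finding of the first kind on a host that still runs an unpatched apache2 marks a directory where the configured restriction should not be relied on until the fix is installed.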


