DEBIAN-CVE-2009-1195

DEBIAN-CVE-2009-1195 PUBLISHED

The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.

Affected Products

Vendor	Product	Versions
Debian:13	apache2	0, 0, 0
Debian:11	apache2	0, 0, 0
Debian:12	apache2	0, 0, 0
Debian:14	apache2	0, 0, 0

Timeline

May 28, 2009 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2009-1195 advisory

Open in Interactive Console →