NVD Vulnerability Detail

CVE-2009-1195

Summary	The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file.
Summary	El Servidor HTTP de Apache v2.2.11 y anteriores a versiones 2.2 no maneja adecuadamente Options=IncludesNOEXEC en la directiva AllowOverride, lo que permite a usuarios locales obtener privilegios configurando (1) Options Includes, (2) Options +Includes, o (3) Options +IncludesNOEXEC en un fichero .htaccess, y después insertar un elemento exec en un fichero .shtml.
Publication Date	May 29, 2009, 5:30 a.m.
Registration Date	Jan. 29, 2021, 1:16 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	なし
完全性への影響(I)	なし
可用性への影響(A)	高
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.7:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*

Related information, measures and tools

No	URL	refsource
1	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	secalert@redhat.com
2	http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html	secalert@redhat.com
3	http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2	secalert@redhat.com
4	http://marc.info/?l=bugtraq&m=129190899612998&w=2	secalert@redhat.com
5	http://osvdb.org/54733	secalert@redhat.com
6	http://secunia.com/advisories/35261	secalert@redhat.com
7	http://secunia.com/advisories/35264	secalert@redhat.com
8	http://secunia.com/advisories/35395	secalert@redhat.com
9	http://secunia.com/advisories/35453	secalert@redhat.com
10	http://secunia.com/advisories/35721	secalert@redhat.com
11	http://secunia.com/advisories/37152	secalert@redhat.com
12	http://security.gentoo.org/glsa/glsa-200907-04.xml	secalert@redhat.com
13	http://support.apple.com/kb/HT3937	secalert@redhat.com
14	http://svn.apache.org/viewvc?view=rev&revision=772997	secalert@redhat.com
15	http://wiki.rpath.com/Advisories:rPSA-2009-0142	secalert@redhat.com
16	http://www.debian.org/security/2009/dsa-1816	secalert@redhat.com
17	http://www.mandriva.com/security/advisories?name=MDVSA-2009:124	secalert@redhat.com
18	http://www.redhat.com/support/errata/RHSA-2009-1075.html	secalert@redhat.com
19	http://www.redhat.com/support/errata/RHSA-2009-1156.html	secalert@redhat.com
20	http://www.securityfocus.com/archive/1/507852/100/0/threaded	secalert@redhat.com
21	http://www.securityfocus.com/archive/1/507857/100/0/threaded	secalert@redhat.com
22	http://www.securityfocus.com/bid/35115	secalert@redhat.com
23	http://www.securitytracker.com/id?1022296	secalert@redhat.com
24	http://www.ubuntu.com/usn/usn-787-1	secalert@redhat.com
25	http://www.vupen.com/english/advisories/2009/1444	secalert@redhat.com
26	http://www.vupen.com/english/advisories/2009/3184	secalert@redhat.com
27	https://bugzilla.redhat.com/show_bug.cgi?id=489436	secalert@redhat.com
28	https://exchange.xforce.ibmcloud.com/vulnerabilities/50808	secalert@redhat.com
29	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
30	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
31	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
32	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
33	https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
34	https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
35	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
36	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
37	https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
38	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
39	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
40	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	secalert@redhat.com
41	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094	secalert@redhat.com
42	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377	secalert@redhat.com
43	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704	secalert@redhat.com
44	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html	secalert@redhat.com
45	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
46	http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html	af854a3a-2127-422b-91ae-364da2661108
47	http://marc.info/?l=apache-httpd-dev&m=124048996106302&w=2	af854a3a-2127-422b-91ae-364da2661108
48	http://marc.info/?l=bugtraq&m=129190899612998&w=2	af854a3a-2127-422b-91ae-364da2661108
49	http://osvdb.org/54733	af854a3a-2127-422b-91ae-364da2661108
50	http://secunia.com/advisories/35261	af854a3a-2127-422b-91ae-364da2661108
51	http://secunia.com/advisories/35264	af854a3a-2127-422b-91ae-364da2661108
52	http://secunia.com/advisories/35395	af854a3a-2127-422b-91ae-364da2661108
53	http://secunia.com/advisories/35453	af854a3a-2127-422b-91ae-364da2661108
54	http://secunia.com/advisories/35721	af854a3a-2127-422b-91ae-364da2661108
55	http://secunia.com/advisories/37152	af854a3a-2127-422b-91ae-364da2661108
56	http://security.gentoo.org/glsa/glsa-200907-04.xml	af854a3a-2127-422b-91ae-364da2661108
57	http://support.apple.com/kb/HT3937	af854a3a-2127-422b-91ae-364da2661108
58	http://svn.apache.org/viewvc?view=rev&revision=772997	af854a3a-2127-422b-91ae-364da2661108
59	http://wiki.rpath.com/Advisories:rPSA-2009-0142	af854a3a-2127-422b-91ae-364da2661108
60	http://www.debian.org/security/2009/dsa-1816	af854a3a-2127-422b-91ae-364da2661108
61	http://www.mandriva.com/security/advisories?name=MDVSA-2009:124	af854a3a-2127-422b-91ae-364da2661108
62	http://www.redhat.com/support/errata/RHSA-2009-1075.html	af854a3a-2127-422b-91ae-364da2661108
63	http://www.redhat.com/support/errata/RHSA-2009-1156.html	af854a3a-2127-422b-91ae-364da2661108
64	http://www.securityfocus.com/archive/1/507852/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
65	http://www.securityfocus.com/archive/1/507857/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
66	http://www.securityfocus.com/bid/35115	af854a3a-2127-422b-91ae-364da2661108
67	http://www.securitytracker.com/id?1022296	af854a3a-2127-422b-91ae-364da2661108
68	http://www.ubuntu.com/usn/usn-787-1	af854a3a-2127-422b-91ae-364da2661108
69	http://www.vupen.com/english/advisories/2009/1444	af854a3a-2127-422b-91ae-364da2661108
70	http://www.vupen.com/english/advisories/2009/3184	af854a3a-2127-422b-91ae-364da2661108
71	https://bugzilla.redhat.com/show_bug.cgi?id=489436	af854a3a-2127-422b-91ae-364da2661108
72	https://exchange.xforce.ibmcloud.com/vulnerabilities/50808	af854a3a-2127-422b-91ae-364da2661108
73	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
74	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
75	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
76	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
77	https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
78	https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
79	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
80	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
81	https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
82	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
83	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
84	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	af854a3a-2127-422b-91ae-364da2661108
85	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11094	af854a3a-2127-422b-91ae-364da2661108
86	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12377	af854a3a-2127-422b-91ae-364da2661108
87	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8704	af854a3a-2127-422b-91ae-364da2661108
88	https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01363.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-16	環境設定	https://cwe.mitre.org/data/definitions/16.html

JVN Vulnerability Information

Apache HTTP Server における AllowOverride ディレクティブの処理に関する権限昇格の脆弱性

Title	Apache HTTP Server における AllowOverride ディレクティブの処理に関する権限昇格の脆弱性
Summary	Apache HTTP Server には、AllowOverride ディレクティブの Options=IncludesNOEXEC を正しく処理しないため、.htaccess ファイル内の Options Includes、Options +Includes、および Options +IncludesNOEXEC の設定により権限を取得される脆弱性が存在します。
Possible impacts	ローカルユーザに、権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 28, 2009, midnight
Registration Date	July 6, 2009, 12:16 p.m.
Last Update	May 19, 2011, 9:46 a.m.

Affected System

レッドハット

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux EUS 5.3.z (server)

RHEL Desktop Workstation 5 (client)

ヒューレット・パッカード

HP-UX 11.11

HP-UX 11.23

HP-UX 11.31

HP-UX Apache-based Web Server v.2.2.15.03 未満

Apache Software Foundation

Apache HTTP Server 2.2.11 およびそれ以前

オラクル

OpenSolaris

Oracle Solaris 10

IBM

IBM HTTP Server 7.0.0.5 未満

IBM WebSphere Application Server 7.0.0.5 未満

ターボリナックス

Turbolinux Appliance Server 3.0

Turbolinux Appliance Server 3.0 (x64)

Turbolinux Client 2008

Turbolinux Server 11

Turbolinux Server 11 (x64)

サイバートラスト株式会社

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

アップル

Apple Mac OS X v10.5.8

Apple Mac OS X v10.6

Apple Mac OS X v10.6.1

Apple Mac OS X Server v10.5.8

Apple Mac OS X Server v10.6

Apple Mac OS X Server v10.6.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-1195	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1195
National Vulnerability Database (NVD)
2	CVE-2009-1195	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1195

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-16	https://jvndb.jvn.jp/ja/cwe/CWE-16.html

ベンダー情報

No	Name	URL
Apache httpd 2.2 vulnerabilities
1	Fixed in Apache httpd 2.2.12	http://httpd.apache.org/security/vulnerabilities_22.html#2.2.12
Apache-SVN
2	Revision 772997	http://svn.apache.org/viewvc?view=rev&revision=772997
Apple Security Updates
3	HT3937	http://support.apple.com/kb/HT3937
Apple セキュリティアップデート
4	HT3937	http://support.apple.com/kb/HT3937?viewlocale=ja_JP
Asianux Technical Support Network
5	httpd-2.2.3-22.1.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=441
Hewlett Packard
6	HPUXWSATW313	https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXWSATW313
HP Security Bulletin
7	HPSBUX02612	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02579879
IBM サポート & ダウンロード
8	7014463	http://www-01.ibm.com/support/docview.wss?uid=swg27014463
9	7014506	http://www-01.ibm.com/support/docview.wss?uid=swg27014506
Red Hat Security Advisory
10	RHSA-2009:1075	http://rhn.redhat.com/errata/RHSA-2009-1075.html
SECURITY BLOG
11	multiple_vulnerabilities_in_the_apache	http://blogs.sun.com/security/entry/multiple_vulnerabilities_in_the_apache
Turbolinux Security Advisory
12	TLSA-2009-19	http://www.turbolinux.co.jp/security/2009/TLSA-2009-19j.txt
レッドハットセキュリティーアップデート
13	RHSA-2009:1075	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1075J.html

その他

No	Name	URL
ISS X-Force Database
1	50808	http://xforce.iss.net/xforce/xfdb/50808
OPEN SOURCE VULNERABILITY DATABASE (OSVDB)
2	54733	http://osvdb.org/54733
Secunia Advisory
3	SA35261	http://secunia.com/advisories/35261
4	SA35264	http://secunia.com/advisories/35264
SecurityFocus
5	35115	http://www.securityfocus.com/bid/35115
SecurityTracker
6	1022296	http://www.securitytracker.com/id?1022296
VUPEN Security
7	VUPEN/ADV-2009-1444	http://www.vupen.com/english/advisories/2009/1444

Change Log

No	Changed Details	Date of change
0	[2009年07月06日] 掲載 [2009年08月11日] 影響を受けるシステム：IBM (7014506) の情報を追加ベンダ情報：Apache Software Foundation (Fixed in Apache httpd 2.2.12) を追加ベンダ情報：IBM (7014506) を追加 [2009年09月25日] 影響を受けるシステム：IBM (7014463) の情報を追加ベンダ情報：IBM (7014463) を追加 [2009年12月15日] 影響を受けるシステム：アップル (HT3937) の情報を追加ベンダ情報：アップル (HT3937) を追加 [2010年10月28日] 影響を受けるシステム：オラクル (multiple_vulnerabilities_in_the_apache) の情報を追加ベンダ情報：オラクル (multiple_vulnerabilities_in_the_apache) を追加 [2010年12月15日] 影響を受けるシステム：ヒューレット・パッカード (HPUXWSATW313) の情報を追加影響を受けるシステム：ヒューレット・パッカード (HPSBUX02612) の情報を追加ベンダ情報：ヒューレット・パッカード (HPUXWSATW313) を追加ベンダ情報：ヒューレット・パッカード (HPSBUX02612) を追加 [2011年05月19日] 影響を受けるシステム：オラクル (multiple_vulnerabilities_in_the_apache) の情報を更新	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.7:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*