Oval Definition:	oval:org.mitre.oval:def:7270
Revision Date: 2014-06-23 Version: 19 Title: DSA-1816 apache2 -- insufficient security check Description: It was discovered that the Apache web server did not properly handle the "Options=" parameter to the AllowOverride directive: In the stable distribution (lenny), local users could (via .htaccess) enable script execution in Server Side Includes even in configurations where the AllowOverride directive contained only Options=IncludesNoEXEC. In the oldstable distribution (etch), local users could (via .htaccess) enable script execution in Server Side Includes and CGI script execution in configurations where the AllowOverride directive contained any "Options=" value. The oldstable distribution (etch), this problem has been fixed in version 2.2.3-4+etch8. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2009-1195 DSA-1816 Platform(s): Debian GNU/Linux 4.0 Debian GNU/Linux 5.0 Product(s): apache2 Definition Synopsis Release section Debian GNU/Linux 5.0 is installed AND Architecture section Architecture independent section Installed architecture is all AND Packages section apache2-src is earlier than 2.2.9-10+lenny3 OR apache2-doc is earlier than 2.2.9-10+lenny3 OR apache2 is earlier than 2.2.9-10+lenny3 OR Architecture dependent section Supported architectures section Installed architecture is s390 OR Installed architecture is amd64 OR Installed architecture is sparc OR Installed architecture is arm OR Installed architecture is i386 OR Installed architecture is armel OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is powerpc OR Installed architecture is mipsel OR Installed architecture is hppa AND Packages section apache2-utils is earlier than 2.2.9-10+lenny3 OR apache2-mpm-worker is earlier than 2.2.9-10+lenny3 OR apache2.2-common is earlier than 2.2.9-10+lenny3 OR apache2-suexec-custom is earlier than 2.2.9-10+lenny3 OR apache2-suexec is earlier than 2.2.9-10+lenny3 OR apache2-threaded-dev is earlier than 2.2.9-10+lenny3 OR apache2-dbg is earlier than 2.2.9-10+lenny3 OR apache2-mpm-event is earlier than 2.2.9-10+lenny3 OR apache2-mpm-prefork is earlier than 2.2.9-10+lenny3 OR apache2-prefork-dev is earlier than 2.2.9-10+lenny3 OR Architecture dependent section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is hppa OR Installed architecture is sparc OR Installed architecture is armel OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is mipsel OR Installed architecture is arm AND apache2-mpm-itk is earlier than 2.2.6-02-1+lenny1 OR Release section Debian GNU/Linux 4.0 is installed. AND Architecture section Architecture independent section Installed architecture is all AND Packages section apache2-mpm-perchild is earlier than 2.2.3-4+etch8 OR apache2-src is earlier than 2.2.3-4+etch8 OR apache2-doc is earlier than 2.2.3-4+etch8 OR apache2 is earlier than 2.2.3-4+etch8 OR apache2-utils is earlier than 2.2.3-4+etch8 OR apache2-mpm-worker is earlier than 2.2.3-4+etch8 OR apache2.2-common is earlier than 2.2.3-4+etch8 OR apache2-threaded-dev is earlier than 2.2.3-4+etch8 OR apache2-mpm-event is earlier than 2.2.3-4+etch8 OR apache2-mpm-prefork is earlier than 2.2.3-4+etch8 OR apache2-prefork-dev is earlier than 2.2.3-4+etch8 OR Architecture dependent section Supported architectures section Installed architecture is amd64 OR Installed architecture is i386 OR Installed architecture is powerpc OR Installed architecture is hppa OR Installed architecture is sparc OR Installed architecture is mips OR Installed architecture is ia64 OR Installed architecture is alpha OR Installed architecture is mipsel OR Installed architecture is arm AND apache2-mpm-itk is earlier than 2.2.3-01-2+etch2
BACK