oval
via4
|
accepted | 2013-04-29T04:11:29.205-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 5 | oval | oval:org.mitre.oval:def:11414 |
comment | The operating system installed on the system is CentOS Linux 5.x | oval | oval:org.mitre.oval:def:15802 |
comment | Oracle Linux 5.x | oval | oval:org.mitre.oval:def:15459 |
| description | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | family | unix | id | oval:org.mitre.oval:def:11094 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | version | 18 |
accepted | 2015-04-20T04:00:23.007-04:00 | class | vulnerability | contributors | name | K, Balamurugan | organization | Hewlett-Packard |
name | Sushant Kumar Singh | organization | Hewlett-Packard |
name | Sushant Kumar Singh | organization | Hewlett-Packard |
name | Prashant Kumar | organization | Hewlett-Packard |
name | Mike Cokus | organization | The MITRE Corporation |
| description | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | family | unix | id | oval:org.mitre.oval:def:12377 | status | accepted | submitted | 2011-02-01T12:25:58.000-05:00 | title | HP-UX Apache-based Web Server, Local Information Disclosure, Increase of Privilege, Remote Denial of Service (DoS) | version | 49 |
accepted | 2014-07-14T04:01:31.517-04:00 | class | vulnerability | contributors | name | J. Daniel Brown | organization | DTCC |
name | Mike Lah | organization | The MITRE Corporation |
name | Shane Shaffer | organization | G2, Inc. |
name | Maria Mikhno | organization | ALTX-SOFT |
| definition_extensions | comment | Apache HTTP Server 2.2.x is installed on the system | oval | oval:org.mitre.oval:def:8550 |
| description | The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file. | family | windows | id | oval:org.mitre.oval:def:8704 | status | accepted | submitted | 2010-03-08T17:30:00.000-05:00 | title | Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability | version | 11 |
|