Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability

Apache 'Options' and 'AllowOverride' Directives Security Bypass Vulnerability

References:

Apache Homepage (Apache Software Foundation)
Bug 489436 - (CVE-2009-1195) CVE-2009-1195 AllowOverride Options=IncludesNoExec (Jonathan Peatfield)
Bugzilla Bug 44262 AllowOverride Options= grants the permission of the 'All' opt (Apache Software Foundation)
CHANGES_2.2 (Apache Software Foundation)
Includes vs IncludesNoExec security issue - help needed (Joe Orton)
Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16 (chandan)
Multiple Vulnerabilities in the Apache 2 HTTP Server Prior to 2.2.16 (Oracle)
Revision 652885 (rpluem)
ASA-2009-200 httpd security update (RHSA-2009-1075) (Avaya)
RHSA-2009:1160 Important: httpd22 security update (Red Hat)

Privacy Statement
Copyright 2010, SecurityFocus