2
Candidate: CVE-2007-1742
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1742
6
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for
7
verifying whether the current directory is within the document root, which
8
might allow local users to perform unauthorized operations on incorrect
9
directories, as demonstrated using "html_backup" and "htmleditor" under an
10
"html" directory. NOTE: the researcher, who is reliable, claims that the
11
vendor disputes the issue because "the attacks described rely on an
12
insecure server configuration" in which the user "has write access to the
16
kees> negligible addition checks for suexec
18
upstream_apache2: released (2.2.8-5)
19
dapper_apache2: ignored
21
feisty_apache2: ignored
22
devel_apache2: ignored