Unrated severityNVD Advisory· Published Mar 6, 2013· Updated Apr 29, 2026

CVE-2013-1048

Description

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

Affected products

Debian/Apache23 versions
cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*range: <=2.2.22-12
- cpe:2.3:a:debian:apache2:*:squeeze10:*:*:*:*:*:*range: <=2.2.16-6
- cpe:2.3:a:debian:apache2:*:wheezy:*:*:*:*:*:*range: <=2.2.22-12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.debian.org/debian-security/pool/updates/main/a/apache2/apache2_2.2.16-6+squeeze11.diff.gznvdPatch
www.debian.org/security/2013/dsa-2637nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000