VYPR
Unrated severityNVD Advisory· Published Mar 6, 2013· Updated Jun 16, 2026

CVE-2013-1048

CVE-2013-1048

Description

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

Affected products

4
  • Debian/Apache24 versions
    cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:debian:apache2:*:sid:*:*:*:*:*:*range: <=2.2.22-12
    • cpe:2.3:a:debian:apache2:*:squeeze10:*:*:*:*:*:*range: <=2.2.16-6
    • cpe:2.3:a:debian:apache2:*:wheezy:*:*:*:*:*:*range: <=2.2.22-12
    • (no CPE)range: <2.2.16-6+squeeze11, 2.2.22-13

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.