DEBIAN-CVE-2013-1048

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2013-1048

Downstream

DSA-2637-1

Published: 06 Mar 2013, 13:10

Last modified:28 Apr 2026, 20:12

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

06 Mar 2013, 13:10

Published

Vulnerability first disclosed

28 Apr 2026, 20:12

Last Modified

Vulnerability information updated

Description

The Debian apache2ctl script in the apache2 package squeeze before 2.2.16-6+squeeze11, wheezy before 2.2.22-13, and sid before 2.2.22-13 for the Apache HTTP Server on Debian GNU/Linux does not properly create the /var/lock/apache2 lock directory, which allows local users to gain privileges via an unspecified symlink attack.

Affected Systems

debian•apache2
< 2.2.22-13 | < 2.2.22-13 | < 2.2.22-13 | < 2.2.22-13

References (1)

https://security-tracker.debian.org/tracker/CVE-2013-1048