PT-2007-3107 · Apache · Apache Http Server

Published: 2007-04-13 · Updated: 2023-02-13 · CVE-2007-1742

CVSS v2.0: 3.7 (Low)

Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server (httpd) version 2.2.3
Description: suexec uses only a partial comparison to verify that the current directory is within the document root, which may allow local users to perform unauthorized operations on incorrect directories. This could be exploited in scenarios such as having "html backup" and "htmleditor" under an "html" directory. The vendor disputes this issue, stating that the described attacks rely on an insecure server configuration in which the user has write access to the document root.
Recommendations: For Apache HTTP Server (httpd) version 2.2.3, consider reconfiguring server settings to prevent users from having write access to the document root as a mitigation measure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
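
The partial comparison from the description, shown beside a check that only matches on a path-component boundary. This is an added illustration, not suexec's source code: the function names, the `/var/www` paths and the assumption that the look-alike directories sit beside the `html` document root are constructed, and both inputs are assumed to be canonical absolute paths already.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Partial comparison: only the first strlen(docroot) bytes of cwd are checked,
 * so any path that merely starts with the same characters is accepted. */
bool in_docroot_prefix(const char *cwd, const char *docroot)
{
    return strncmp(cwd, docroot, strlen(docroot)) == 0;
}

/* Boundary-aware comparison: after the matching prefix, cwd must either end
 * or continue with '/', so the match always falls on a whole path component.
 * Assumes both arguments are canonical absolute paths (no "..", no symlinks). */
bool in_docroot_component(const char *cwd, const char *docroot)
{
    size_t n = strlen(docroot);

    /* Ignore trailing slashes on the root ("/var/www/html/" == "/var/www/html"). */
    while (n > 1 && docroot[n - 1] == '/')
        n--;
    if (strncmp(cwd, docroot, n) != 0)
        return false;
    if (n == 1 && docroot[0] == '/')    /* root "/" contains every absolute path */
        return true;
    return cwd[n] == '\0' || cwd[n] == '/';
}

int main(void)
{
    const char *docroot = "/var/www/html";   /* constructed document root */
    const char *cwds[] = {                   /* constructed sample directories */
        "/var/www/html",
        "/var/www/html/app",
        "/var/www/htmleditor",
        "/var/www/html backup",
        "/var/www",
    };
    for (size_t i = 0; i < sizeof cwds / sizeof cwds[0]; i++)
        printf("%-24s prefix=%d component=%d\n", cwds[i],
               in_docroot_prefix(cwds[i], docroot),
               in_docroot_component(cwds[i], docroot));
    return 0;
}
```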

Related Identifiers

CVE-2007-1742

Affected Products

Apache Http Server