PT-2019-1764 · Apache+5 · Apache Http Server+5

Publicado

2019-04-01

Atualizado

2026-02-07

CVE-2019-0211

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.17 through 2.4.38

Description The vulnerability is related to insufficient access control in the MPM module of the Apache HTTP Server, allowing an attacker to execute arbitrary code with root privileges by manipulating the scoreboard. This issue affects Unix systems and can be exploited by executing code in less-privileged child processes or threads, including scripts executed by an in-process scripting interpreter. Non-Unix systems are not affected.

Recommendations For Apache HTTP Server versions 2.4.17 through 2.4.38, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the scoreboard to minimize the risk of exploitation. Additionally, restrict the execution of scripts in less-privileged child processes or threads to reduce the attack surface.

Exploit

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416CWE-250

Identificadores relacionados

ALT-PU-2019-1580

BDU:2019-01404

CESA-2019_0980

CVE-2019-0211

DSA-4422-1

ELSA-2019-0980

OPENSUSE-SU-2019:1209-1

OPENSUSE-SU-2019_1190-1

OPENSUSE-SU-2019_1209-1

OPENSUSE-SU-2019_1258-1

RHSA-2019:0746

RHSA-2019:0980

RHSA-2019:1297

RHSA-2019_0980

SUSE-SU-2019:0873-1

SUSE-SU-2019:0878-1

SUSE-SU-2019_0873-1

SUSE-SU-2019_0878-1

USN-3937-1

Produtos afetados

Alt Linux

Apache Http Server

Centos

Red Hat

Suse

Ubuntu

PT-2019-1764 · Apache+5 · Apache Http Server+5

CVE-2019-0211

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 119