PT-2019-1764 · Apache+5 · Apache Http Server+5

Published

2019-04-01

Updated

2026-02-07

CVE-2019-0211

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.17 through 2.4.38

Description The vulnerability is related to insufficient access control in the MPM module of the Apache HTTP Server, allowing an attacker to execute arbitrary code with root privileges by manipulating the scoreboard. This issue affects Unix systems and can be exploited by executing code in less-privileged child processes or threads, including scripts executed by an in-process scripting interpreter. Non-Unix systems are not affected.

Recommendations For Apache HTTP Server versions 2.4.17 through 2.4.38, update to a version outside of this range to resolve the issue. As a temporary workaround, consider restricting access to the scoreboard to minimize the risk of exploitation. Additionally, restrict the execution of scripts in less-privileged child processes or threads to reduce the attack surface.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416CWE-250

Related Identifiers

ALT-PU-2019-1580

BDU:2019-01404

CESA-2019_0980

CVE-2019-0211

DSA-4422-1

ELSA-2019-0980

OPENSUSE-SU-2019:1209-1

OPENSUSE-SU-2019_1190-1

OPENSUSE-SU-2019_1209-1

OPENSUSE-SU-2019_1258-1

RHSA-2019:0746

RHSA-2019:0980

RHSA-2019:1297

RHSA-2019_0980

SUSE-SU-2019:0873-1

SUSE-SU-2019:0878-1

SUSE-SU-2019_0873-1

SUSE-SU-2019_0878-1

USN-3937-1

Affected Products

Alt Linux

Apache Http Server

Centos

Red Hat

Suse

Ubuntu

PT-2019-1764 · Apache+5 · Apache Http Server+5

CVE-2019-0211

Weakness Enumeration

Related Identifiers

Affected Products

References · 119