Privilege escalation in Apache HTTP Server - CVE-2019-0211
Published: April 2, 2019 / Updated: February 20, 2022
Vulnerability identifier: #VU18110
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2019-0211
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
The vulnerability is being exploited in the wild
Vendor: Apache Foundation
Affected software:
Apache HTTP Server
Apache HTTP Server
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.
A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.
How to mitigate CVE-2019-0211
Install updates from vendor's website.