Main Vulnerability Database Vulnerabilities #VU18110

#VU18110 Privilege escalation in Apache HTTP Server - CVE-2019-0211

Published: April 2, 2019 / Updated: February 20, 2022

Vulnerability identifier: #VU18110

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:A/U:Clear

CVE-ID: CVE-2019-0211

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
Apache HTTP Server

Software vendor:
Apache Foundation

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.

A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.

Remediation

Install updates from vendor's website.

External links

http://www.apache.org/dist/httpd/CHANGES_2.4

#VU18110 Privilege escalation in Apache HTTP Server - CVE-2019-0211

Description

Remediation

External links

Please verify you're human