CVE-2019-0211

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

References

https://www.exploit-db.com/exploits/46676/

https://www.debian.org/security/2019/dsa-4422

https://usn.ubuntu.com/3937-1/

https://seclists.org/bugtraq/2019/Apr/5

https://seclists.org/bugtraq/2019/Apr/16

https://lists.fedoraproject.org/archives/list/[email protected]/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/

https://lists.fedoraproject.org/archives/list/[email protected]/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/

https://lists.apache.org/thread.html/[email protected]%3Cusers.httpd.apache.org%3E

https://httpd.apache.org/security/vulnerabilities_24.html

http://www.securityfocus.com/bid/107666

http://www.openwall.com/lists/oss-security/2019/04/02/3

http://www.apache.org/dist/httpd/CHANGES_2.4.39

http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html

http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html

http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html

https://lists.apache.org/thread.html/[email protected]%3Cdev.community.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.community.apache.org%3E

https://access.redhat.com/errata/RHSA-2019:0746

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html

https://lists.apache.org/thread.html/[email protected]%3Cdev.community.apache.org%3E

https://support.f5.com/csp/article/K32957101

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html

https://security.gentoo.org/glsa/201904-20

https://security.netapp.com/advisory/ntap-20190423-0001/

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html

https://access.redhat.com/errata/RHSA-2019:0980

https://access.redhat.com/errata/RHBA-2019:0959

https://lists.fedoraproject.org/archives/list/[email protected]/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/

https://www.synology.com/security/advisory/Synology_SA_19_14

https://access.redhat.com/errata/RHSA-2019:1297

https://access.redhat.com/errata/RHSA-2019:1296

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://access.redhat.com/errata/RHSA-2019:1543

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

http://www.openwall.com/lists/oss-security/2019/07/26/7

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://lists.apache.org/thread.html/[email protected]%3Cannounce.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2019-04-08

Updated: 2021-06-06

Type: CWE-416

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 1.8

Severity: HIGH

Tenable Plugins

View all (28 total)

IDNameProductFamilySeverity
145599CentOS 8 : httpd:2.4 (CESA-2019:0980)NessusCentOS Local Security Checks
high
144774IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.16 / 9.0.0.0 < 9.0.5.0 Multiple Vulnerabilities (880413)NessusWeb Servers
high
131476EulerOS Virtualization for ARM 64 3.0.3.0 : httpd (EulerOS-SA-2019-2311)NessusHuawei Local Security Checks
high
127570Oracle Linux 8 : httpd:2.4 (ELSA-2019-0980)NessusOracle Linux Local Security Checks
high
126781Oracle Fusion Middleware Oracle HTTP Server (Jul 2019 CPU)NessusWeb Servers
high
126777Oracle Enterprise Manager Ops Center (Jul 2019 CPU)NessusMisc.
critical
125616RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 (RHSA-2019:1297)NessusRed Hat Local Security Checks
high
124870Photon OS 1.0: Httpd PHSA-2019-1.0-0230NessusPhotonOS Local Security Checks
high
124680Photon OS 2.0: Httpd PHSA-2019-2.0-0157NessusPhotonOS Local Security Checks
high
124667RHEL 8 : httpd:2.4 (RHSA-2019:0980)NessusRed Hat Local Security Checks
high
124541Fedora 30 : httpd (2019-cf7695b470)NessusFedora Local Security Checks
high
124264openSUSE Security Update : apache2 (openSUSE-2019-1258)NessusSuSE Local Security Checks
high
124225GLSA-201904-20 : Apache: Privilege escalationNessusGentoo Local Security Checks
high
124125Amazon Linux 2 : httpd (ALAS-2019-1189)NessusAmazon Linux Local Security Checks
high
124102openSUSE Security Update : apache2 (openSUSE-2019-1209)NessusSuSE Local Security Checks
high
124098RHEL 6 / 7 : httpd24-httpd and httpd24-mod_auth_mellon (RHSA-2019:0746)NessusRed Hat Local Security Checks
high
124017openSUSE Security Update : apache2 (openSUSE-2019-1190)NessusSuSE Local Security Checks
high
123958Amazon Linux AMI : httpd24 (ALAS-2019-1189)NessusAmazon Linux Local Security Checks
high
98530Apache 2.4.x < 2.4.39 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
700509Apache HTTP Server < 2.4.39 Multiple VulnerabilitiesNessus Network MonitorWeb Servers
high
123812Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2019-096-01)NessusSlackware Local Security Checks
high
123801Fedora 29 : httpd (2019-119b14075a)NessusFedora Local Security Checks
high
123787Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 18.10 : apache2 vulnerabilities (USN-3937-1)NessusUbuntu Local Security Checks
high
123785SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:0878-1)NessusSuSE Local Security Checks
high
123782SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:0873-1)NessusSuSE Local Security Checks
high
123691Debian DSA-4422-1 : apache2 - security updateNessusDebian Local Security Checks
high
123644FreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf)NessusFreeBSD Local Security Checks
high
123642Apache 2.4.x < 2.4.39 Multiple VulnerabilitiesNessusWeb Servers
high