CVE-2019-0211
Type: Use After Free
Severity: High
Publication date: 04/08/2019
Last modified: 06/06/2021
Description
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Impact
Access Vector: Local
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Complete compromise of system integrity + complete compromise of system confidentiality + complete compromise of system availability
Vulnerable software and versions
- cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
References to Advisories, Solutions, and Tools
- 46676 (Source: EXPLOIT-DB)
- DSA-4422 (Source: DEBIAN)
- USN-3937-1 (Source: UBUNTU)
- 20190403 [SECURITY] [DSA 4422-1] apache2 security update (Source: BUGTRAQ)
- 20190407 [slackware-security] httpd (SSA:2019-096-01) (Source: BUGTRAQ)
- FEDORA-2019-cf7695b470 (Source: FEDORA)
- FEDORA-2019-119b14075a (Source: FEDORA)
- [httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217 (Source: MLIST)
- https://httpd.apache.org/security/vulnerabilities_24.html (Source: MISC)
- 107666 (Source: BID)
- [oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts (Source: MLIST)
- http://www.apache.org/dist/httpd/CHANGES_2.4.39 (Source: MISC)
- http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html (Source: MISC)
- http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html (Source: MISC)
- http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html (Source: MISC)
- [community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x? (Source: MLIST)
- [community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x? (Source: MLIST)
- RHSA-2019:0746 (Source: REDHAT)
- openSUSE-SU-2019:1190 (Source: SUSE)
- [community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x? (Source: MLIST)
- https://support.f5.com/csp/article/K32957101 (Source: CONFIRM)
- openSUSE-SU-2019:1209 (Source: SUSE)
- GLSA-201904-20 (Source: GENTOO)
- https://security.netapp.com/advisory/ntap-20190423-0001/ (Source: CONFIRM)
- openSUSE-SU-2019:1258 (Source: SUSE)
- RHSA-2019:0980 (Source: REDHAT)
- RHBA-2019:0959 (Source: REDHAT)
- FEDORA-2019-a4ed7400f4 (Source: FEDORA)
- https://www.synology.com/security/advisory/Synology_SA_19_14 (Source: CONFIRM)
- RHSA-2019:1297 (Source: REDHAT)
- RHSA-2019:1296 (Source: REDHAT)
- [httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml (Source: MLIST)
- RHSA-2019:1543 (Source: REDHAT)
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html (Source: MISC)
- [oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2 (Source: MLIST)
- [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (Source: MLIST)
- [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (Source: MLIST)
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us (Source: CONFIRM)
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (Source: MISC)
- [announce] 20200131 Apache Software Foundation Security Report: 2019 (Source: MLIST)
- [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (Source: MLIST)
- [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/ (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (Source: MLIST)
- [httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (Source: MLIST)
- [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (Source: MLIST)