CVE-2019-0211 - In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi

CVE-2019-0211

Summary

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

References

Vulnerable Configurations

cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 06-06-2021 - 11:15)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

redhat via4

advisories

rhsa
id RHBA-2019:0959
rhsa
id RHSA-2019:0746
rhsa
id RHSA-2019:0980
rhsa
id RHSA-2019:1296
rhsa
id RHSA-2019:1297
rhsa
id RHSA-2019:1543

rpms

httpd24-httpd-0:2.4.34-7.el6.1
httpd24-httpd-0:2.4.34-7.el7.1
httpd24-httpd-debuginfo-0:2.4.34-7.el6.1
httpd24-httpd-debuginfo-0:2.4.34-7.el7.1
httpd24-httpd-devel-0:2.4.34-7.el6.1
httpd24-httpd-devel-0:2.4.34-7.el7.1
httpd24-httpd-manual-0:2.4.34-7.el6.1
httpd24-httpd-manual-0:2.4.34-7.el7.1
httpd24-httpd-tools-0:2.4.34-7.el6.1
httpd24-httpd-tools-0:2.4.34-7.el7.1
httpd24-mod_auth_mellon-0:0.13.1-2.el7.1
httpd24-mod_auth_mellon-debuginfo-0:0.13.1-2.el7.1
httpd24-mod_ldap-0:2.4.34-7.el6.1
httpd24-mod_ldap-0:2.4.34-7.el7.1
httpd24-mod_md-0:2.4.34-7.el7.1
httpd24-mod_proxy_html-1:2.4.34-7.el6.1
httpd24-mod_proxy_html-1:2.4.34-7.el7.1
httpd24-mod_session-0:2.4.34-7.el6.1
httpd24-mod_session-0:2.4.34-7.el7.1
httpd24-mod_ssl-1:2.4.34-7.el6.1
httpd24-mod_ssl-1:2.4.34-7.el7.1
httpd-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-debugsource-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-devel-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-filesystem-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-manual-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-tools-0:2.4.37-11.module+el8.0.0+2969+90015743
httpd-tools-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_http2-0:1.11.3-2.module+el8.0.0+2969+90015743
mod_http2-debuginfo-0:1.11.3-2.module+el8.0.0+2969+90015743
mod_http2-debugsource-0:1.11.3-2.module+el8.0.0+2969+90015743
mod_ldap-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_ldap-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_md-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_md-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_proxy_html-1:2.4.37-11.module+el8.0.0+2969+90015743
mod_proxy_html-debuginfo-1:2.4.37-11.module+el8.0.0+2969+90015743
mod_session-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_session-debuginfo-0:2.4.37-11.module+el8.0.0+2969+90015743
mod_ssl-1:2.4.37-11.module+el8.0.0+2969+90015743
mod_ssl-debuginfo-1:2.4.37-11.module+el8.0.0+2969+90015743
jbcs-httpd24-httpd-0:2.4.29-40.jbcs.el6
jbcs-httpd24-httpd-0:2.4.29-40.jbcs.el7
jbcs-httpd24-httpd-debuginfo-0:2.4.29-40.jbcs.el6
jbcs-httpd24-httpd-debuginfo-0:2.4.29-40.jbcs.el7
jbcs-httpd24-httpd-devel-0:2.4.29-40.jbcs.el6
jbcs-httpd24-httpd-devel-0:2.4.29-40.jbcs.el7
jbcs-httpd24-httpd-manual-0:2.4.29-40.jbcs.el6
jbcs-httpd24-httpd-manual-0:2.4.29-40.jbcs.el7
jbcs-httpd24-httpd-selinux-0:2.4.29-40.jbcs.el6
jbcs-httpd24-httpd-selinux-0:2.4.29-40.jbcs.el7
jbcs-httpd24-httpd-tools-0:2.4.29-40.jbcs.el6
jbcs-httpd24-httpd-tools-0:2.4.29-40.jbcs.el7
jbcs-httpd24-mod_ldap-0:2.4.29-40.jbcs.el6
jbcs-httpd24-mod_ldap-0:2.4.29-40.jbcs.el7
jbcs-httpd24-mod_proxy_html-1:2.4.29-40.jbcs.el6
jbcs-httpd24-mod_proxy_html-1:2.4.29-40.jbcs.el7
jbcs-httpd24-mod_session-0:2.4.29-40.jbcs.el6
jbcs-httpd24-mod_session-0:2.4.29-40.jbcs.el7
jbcs-httpd24-mod_ssl-1:2.4.29-40.jbcs.el6
jbcs-httpd24-mod_ssl-1:2.4.29-40.jbcs.el7
jbcs-httpd24-openssl-1:1.0.2n-15.jbcs.el6
jbcs-httpd24-openssl-1:1.0.2n-15.jbcs.el7
jbcs-httpd24-openssl-debuginfo-1:1.0.2n-15.jbcs.el6
jbcs-httpd24-openssl-debuginfo-1:1.0.2n-15.jbcs.el7
jbcs-httpd24-openssl-devel-1:1.0.2n-15.jbcs.el6
jbcs-httpd24-openssl-devel-1:1.0.2n-15.jbcs.el7
jbcs-httpd24-openssl-libs-1:1.0.2n-15.jbcs.el6
jbcs-httpd24-openssl-libs-1:1.0.2n-15.jbcs.el7
jbcs-httpd24-openssl-perl-1:1.0.2n-15.jbcs.el6
jbcs-httpd24-openssl-perl-1:1.0.2n-15.jbcs.el7
jbcs-httpd24-openssl-static-1:1.0.2n-15.jbcs.el6
jbcs-httpd24-openssl-static-1:1.0.2n-15.jbcs.el7

refmap via4

bid	107666
bugtraq	20190403 [SECURITY] [DSA 4422-1] apache2 security update 20190407 [slackware-security] httpd (SSA:2019-096-01)
confirm	https://security.netapp.com/advisory/ntap-20190423-0001/ https://support.f5.com/csp/article/K32957101 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us https://www.synology.com/security/advisory/Synology_SA_19_14
debian	DSA-4422
exploit-db	46676
fedora	FEDORA-2019-119b14075a FEDORA-2019-a4ed7400f4 FEDORA-2019-cf7695b470
gentoo	GLSA-201904-20
misc	http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html http://www.apache.org/dist/httpd/CHANGES_2.4.39 https://httpd.apache.org/security/vulnerabilities_24.html https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
mlist	[announce] 20200131 Apache Software Foundation Security Report: 2019 [community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x? [community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x? [community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x? [httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217 [oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts [oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2
suse	openSUSE-SU-2019:1190 openSUSE-SU-2019:1209 openSUSE-SU-2019:1258
ubuntu	USN-3937-1

Last major update

06-06-2021 - 11:15

Published

08-04-2019 - 22:29

Last modified

06-06-2021 - 11:15