{"vulnerability": "CVE-2019-0211", "sightings": [{"uuid": "0d9e4986-5b35-45f2-ba56-5fad727cc5b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "71c0f992-8bfd-4fbf-8d9f-340007949327", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:16.000000Z"}, {"uuid": "85c6273c-37cd-4123-9cd7-415839680cf0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2971155", "content": "", "creation_timestamp": "2024-12-24T20:25:04.433123Z"}, {"uuid": "fc2be5e9-25a5-451a-863b-d002a1beed93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://gist.github.com/winterswang/4908fd900e5f5a047bafb32001894038", "content": "", "creation_timestamp": "2026-03-11T04:03:33.000000Z"}, {"uuid": "8d99986c-4d87-4b4f-bc3b-c0963083db12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:41.000000Z"}, {"uuid": "5004779a-5a90-4bef-9d60-3419e29ebadd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/38", "content": "CVE-2019-0211 Apache LPE \nPoC: https://github.com/cfreal/exploits/blob/master/CVE-2019-0211-apache/cfreal-carpediem.php\nBlogpost: https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html\n\n#exploit #apache", "creation_timestamp": "2019-04-08T14:42:28.000000Z"}, {"uuid": "ffa5dccd-a223-44d9-afac-bc51c9351c96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2019-0211", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9847fe06-eb50-4ed4-9988-fa4fc4f93da1", "content": "", "creation_timestamp": "2026-02-02T12:28:35.265342Z"}, {"uuid": "29936880-0943-43a8-8ac5-68f554db74b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "Telegram/SuMKbW_sWOULCJCEImCAzFWeHenJo7L0cTLPJUm-OBBYYOs", "content": "", "creation_timestamp": "2019-04-19T16:28:50.000000Z"}, {"uuid": "67a46a3c-869a-43e1-9e43-c6621cc3064f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4361", "content": "CVE-2019-0211 Apache Root Privilege Escalation\nhttps://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache", "creation_timestamp": "2019-04-08T21:54:18.000000Z"}, {"uuid": "fd1cd986-275f-47ce-8267-111ffa61892d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/antichat/4283", "content": "CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation\nhttps://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html", "creation_timestamp": "2019-04-03T09:44:02.000000Z"}, {"uuid": "a6504e54-cf76-48a5-aa38-7067d988feff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=377", "content": "", "creation_timestamp": "2019-04-03T04:00:00.000000Z"}, {"uuid": "c528d334-20b4-4dae-ab32-fa6e37004aee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://t.me/arpsyndicate/1937", "content": "#ExploitObserverAlert\n\nCVE-2019-0211\n\nDESCRIPTION: Exploit Observer has 81 entries related to CVE-2019-0211. In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.\n\nFIRST-EPSS: 0.974190000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-18T07:19:48.000000Z"}, {"uuid": "e6b18867-5740-425e-951f-dc019dd489d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/24", "content": "From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call. The vulnerability is triggered when Apache gracefully restarts (apache2ctl graceful). In standard Linux configurations, the logrotate utility runs this command once a day, at 6:25AM, in order to reset log file handles\n\nhttps://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html\n\nThe vulnerability affects mod_prefork, mod_worker and mod_event. The following bug description, code walkthrough and exploit target mod_prefork\n#exploit #vulnerability #apache", "creation_timestamp": "2019-04-04T11:53:20.000000Z"}, {"uuid": "e378918a-499d-45ba-83eb-de2541f9a9c2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://t.me/information_security_channel/26076", "content": "Apache HTTP server security update fixes multiple security vulnerabilities including the privilege escalation vulnerability that allows users to run PHP, CGI script to gain the root access. Apache Privilege Escalation The vulnerability affects all the releases between 2.4.17 to 2.4.38, and it can be tracked as CVE-2019-0211. A low privileged user could execute arbitrary code [\u2026]\nThe post A Flaw in Apache HTTP Server Allows any Users to Gain Root Access (https://gbhackers.com/apache-http-server-flaw/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2019-04-03T01:51:58.000000Z"}, {"uuid": "bbf1f92a-92c8-4923-89df-f46df32ef17d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://t.me/arpsyndicate/1275", "content": "#ExploitObserverAlert\n\nCVE-2019-0211\n\nDESCRIPTION: Exploit Observer has 80 entries related to CVE-2019-0211. In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.\n\nFIRST-EPSS: 0.974190000\nNVD-IS: 5.9\nNVD-ES: 1.8", "creation_timestamp": "2023-12-04T18:36:17.000000Z"}, {"uuid": "88825ffc-eb70-431d-8916-cfbca2df0910", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://t.me/cyberden_team/354", "content": "\u200b\u041f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u043c \u0434\u043b\u044f \u0441\u043a\u0430\u043d\u0430 \u043f\u043e\u0440\u0442\u043e\u0432 \u0438 \u043f\u043e\u0438\u0441\u043a\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439\n\nnrich \u2014 \u043d\u043e\u0432\u044b\u0439 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u043a\u043e\u043c\u0430\u043d\u0434\u043d\u043e\u0439 \u0441\u0442\u0440\u043e\u043a\u0438 \u043e\u0442 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u043e\u0432 Shodan \u0434\u043b\u044f \u0431\u044b\u0441\u0442\u0440\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430 \u0441\u043f\u0438\u0441\u043a\u0430 IP-\u0430\u0434\u0440\u0435\u0441\u043e\u0432 \u0438 \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a\u0438\u0435 \u0438\u0437 \u043d\u0438\u0445 \u0438\u043c\u0435\u044e\u0442 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0435 \u043f\u043e\u0440\u0442\u044b/\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438.\n\n\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430\n\n$ wget https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.deb\n$ sudo dpkg -i nrich_latest_amd64.deb\n\n\u0414\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0431\u044b \u0443\u0431\u0435\u0434\u0438\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u043e\u043d \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442, \u043c\u043e\u0436\u043d\u043e \u043d\u0430\u043f\u0438\u0441\u0430\u0442\u044c \u043a\u043e\u043c\u0430\u043d\u0434\u0443 echo \u0438 \u0430\u0434\u0440\u0435\u0441. \u041a \u043f\u0440\u0438\u043c\u0435\u0440\u0443:\n\n$ echo 149.202.182.140 | nrich -\n\n\u0414\u0430\u043b\u0435\u0435 \u043c\u044b \u0432\u0438\u0434\u0438\u043c \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442: \n\n149.202.182.140 (ftptech1.pcsoft.fr)\n  Ports: 21, 80, 111, 443\n  CPEs: cpe:/a:proftpd:proftpd:1.3.5b, cpe:/a:apache:http_server:2.4.25\n  Vulnerabilities: CVE-2018-11763, CVE-2019-0220, CVE-2017-15710, CVE-2018-1312, CVE-2019-0197, CVE-2017-9798, CVE-2018-1283, CVE-2017-7668, CVE-2017-3169, CVE-2017-15715, CVE-2017-7659, CVE-2018-1333, CVE-2019-0211, CVE-2019-12815, CVE-2017-3167, CVE-2017-9788, CVE-2019-0196, CVE-2017-7679, CVE-2018-17199\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\n\n$ nrich --help \n\n\u0414\u0430\u043b\u0435\u0435 \u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u0441\u044f \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u043a\u043e\u043c\u0430\u043d\u0434 \u0438\u0441\u0445\u043e\u0434\u044f \u0438\u0437 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u044f", "creation_timestamp": "2022-02-18T16:23:37.000000Z"}, {"uuid": "d972f401-fd27-45a4-aded-a73152537ebc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://t.me/ctinow/164893", "content": "https://ift.tt/Yoz9mn4\nCVE-2019-0211 | Oracle Instantis EnterpriseTrack 17.1/17.2/17.3 Apache HTTP Server access control (EDB-46676 / BID-107666)", "creation_timestamp": "2024-01-09T10:06:50.000000Z"}, {"uuid": "251da925-e56d-488d-a9f3-746fac979648", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/HackerOne/2411", "content": "Apache Root Privilege Escalation\nhttps://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html", "creation_timestamp": "2019-04-06T12:24:04.000000Z"}, {"uuid": "a9aeab6b-6abd-4b8e-b4ba-a9c94f5068b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/2497", "content": "CVE-2019-0211 Apache Root Privilege Escalation\nhttps://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache", "creation_timestamp": "2019-04-09T08:23:48.000000Z"}, {"uuid": "5efd118c-3ebe-4416-980d-14235297e613", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "seen", "source": "https://t.me/thehackernews/245", "content": "New Apache Web Server Vulnerability Threatens Security of Shared Web Hosts\n.\n\nhttps://thehackernews.com/2019/04/apache-web-server-security.html\n\nThe flaw (CVE-2019-0211) could allow less-privileged web host users to execute arbitrary code with root privileges on the targeted servers.", "creation_timestamp": "2019-04-02T19:48:56.000000Z"}, {"uuid": "80a68056-d4a2-4ab0-9074-05b6142a5c4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/SecLabNews/4687", "content": "\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a \u0427\u0430\u0440\u043b\u044c\u0437 \u0424\u043e\u043b (Charles Fol) \u0440\u0430\u0437\u043c\u0435\u0441\u0442\u0438\u043b \u043d\u0430 \u043f\u043e\u0440\u0442\u0430\u043b\u0435 GitHub PoC-\u043a\u043e\u0434 \u0434\u043b\u044f \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u043d\u043e\u0439 \u0438\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 Carpe Diem (CVE-2019-0211) \u0432 Apache HTTP Server 2.4, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0435\u0439 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u0441\u0442\u043e\u044f\u0442\u0435\u043b\u044c\u0441\u0442\u0432\u0430\u0445 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043a\u043e\u0434 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 \u0441\u0443\u043f\u0435\u0440\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0438 \u043f\u0435\u0440\u0435\u0445\u0432\u0430\u0442\u0438\u0442\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c.    \n\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d PoC-\u043a\u043e\u0434 \u0434\u043b\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Apache HTTP Server", "creation_timestamp": "2019-04-10T10:01:48.000000Z"}, {"uuid": "320ea1e9-e7e4-4c38-b743-c461969f71a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/5366", "content": "CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation\nhttps://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html", "creation_timestamp": "2019-04-03T11:32:18.000000Z"}, {"uuid": "2f47d7b9-0f67-4357-a07e-b507e3ff5235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/canyoupwnme/5378", "content": "CVE-2019-0211 Apache Root Privilege Escalation\nhttps://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache", "creation_timestamp": "2019-04-08T23:52:21.000000Z"}, {"uuid": "54692d38-a6ac-401e-8be4-b64c9daf2a25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/392", "content": "#exploit\n1. CVE-2019-0192:\nIn Apache Solr vers. 5.0.0 - 5.5.5, 6.0.0 - 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request\nhttps://github.com/Rapidsafeguard/Solr-RCE-CVE-2019-0192 \n\n2. CVE-2019-0211:\nIn Apache HTTP Server 2.4 (2.4.17-2.4.38), with MPM event, worker or prefork, code executing in less-privileged child processes/threads could execute arbitrary code with the privileges of the parent process (root) by manipulating the scoreboard\nhttps://github.com/ozkanbilge/Apache-Exploit-2019", "creation_timestamp": "2024-05-08T02:00:10.000000Z"}]}