CVE-2019-0211

HIGHScheduled

Published:Apr 8, 2019(7 years ago)

Modified:Oct 27, 2025

Local AccessNo InteractionLow Complexity

Vulnerability Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Attack Characteristics

Local AccessLow ComplexityLow PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
apache	http_server	2.4.17 - 2.4.38	-
fedoraproject	fedora	-	-
fedoraproject	fedora	-

Timeline

Published
CVE disclosed publicly
Apr 8, 20197 years ago
Last Modified
Most recent update
Oct 27, 20256 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

103

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051....Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061....Broken Link
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084....Broken Link

CVSS Score

v3.1

7.8/ 10.0

HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

At a Glance

Affected Products

103

References

apache / http_server

http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privile...Third Party Advisory

http://packetstormsecurity.com/files/152415/Slackware-Security-Advisor...Exploit

http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Lo...Exploit

http://www.apache.org/dist/httpd/CHANGES_2.4.39Broken Link

http://www.openwall.com/lists/oss-security/2019/04/02/3Mailing List

http://www.openwall.com/lists/oss-security/2019/07/26/7Mailing List

http://www.securityfocus.com/bid/107666Broken Link

https://access.redhat.com/errata/RHBA-2019:0959Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0746Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:0980Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1296Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1297Third Party Advisory

https://access.redhat.com/errata/RHSA-2019:1543Third Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.htmlVendor Advisory

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3...Mailing List

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2c...Mailing List

https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8c...Mailing List

https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b...Mailing List

https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb...Mailing List

https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556...Mailing List

https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92...Mailing List

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af9...Mailing List

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b...Mailing List

https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9...Mailing List

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde5...Mailing List

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e810260...Mailing List

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2...Mailing List

https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804...Mailing List

https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e...Mailing List

https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350...Mailing List

https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a...Mailing List

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f...Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists...Release Notes

https://seclists.org/bugtraq/2019/Apr/16Mailing List

https://seclists.org/bugtraq/2019/Apr/5Mailing List

https://security.gentoo.org/glsa/201904-20Third Party Advisory

https://security.netapp.com/advisory/ntap-20190423-0001/Third Party Advisory

https://support.f5.com/csp/article/K32957101Third Party Advisory

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=...Third Party Advisory

https://usn.ubuntu.com/3937-1/Third Party Advisory

https://www.debian.org/security/2019/dsa-4422Mailing List

https://www.exploit-db.com/exploits/46676/Exploit

https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch

https://www.oracle.com/technetwork/security-advisory/cpujul2019-507283...Patch

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-507283...Patch

https://www.synology.com/security/advisory/Synology_SA_19_14Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051....Broken Link

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061....Broken Link

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084....Broken Link