7.8
CVE-2019-0211
- EPSS 85.73%
- Published 08.04.2019 22:29:00
- Last modified 04.04.2025 15:34:11
- Source security@apache.org
- Teams watchlist Login
- Open Login
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Data is provided by the National Vulnerability Database (NVD)
Apache ≫ HTTP Server Version >= 2.4.17 <= 2.4.38
Fedoraproject ≫ Fedora Version28
Fedoraproject ≫ Fedora Version29
Fedoraproject ≫ Fedora Version30
Canonical ≫ Ubuntu Linux Version14.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.10
Debian ≫ Debian Linux Version9.0
Netapp ≫ Oncommand Unified Manager Version- SwPlatform7-mode
Redhat ≫ Jboss Core Services Version1.0
Redhat ≫ Openshift Container Platform Version3.11
Redhat ≫ Openshift Container Platform For Power Version3.11_ppc64le
Redhat ≫ Software Collections Version1.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Eus Version8.1
Redhat ≫ Enterprise Linux Eus Version8.2
Redhat ≫ Enterprise Linux Eus Version8.4
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux For Arm 64 Version8.0_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.1_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.2_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.4_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.6_aarch64
Redhat ≫ Enterprise Linux For Arm 64 Eus Version8.8_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.1_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.2_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.4_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.1_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.2_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.4_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Redhat ≫ Enterprise Linux Server Tus Version8.8
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.0
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.1
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.4
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.6
Redhat ≫ Enterprise Linux Update Services For Sap Solutions Version8.8
Oracle ≫ Communications Session Report Manager Version8.0.0
Oracle ≫ Communications Session Report Manager Version8.1.0
Oracle ≫ Communications Session Report Manager Version8.1.1
Oracle ≫ Communications Session Report Manager Version8.2.0
Oracle ≫ Communications Session Route Manager Version8.0.0
Oracle ≫ Communications Session Route Manager Version8.1.0
Oracle ≫ Communications Session Route Manager Version8.1.1
Oracle ≫ Communications Session Route Manager Version8.2.0
Oracle ≫ Enterprise Manager Ops Center Version12.3.3
Oracle ≫ Enterprise Manager Ops Center Version12.4.0
Oracle ≫ HTTP Server Version12.2.1.3.0
Oracle ≫ Instantis Enterprisetrack Version17.1
Oracle ≫ Instantis Enterprisetrack Version17.2
Oracle ≫ Instantis Enterprisetrack Version17.3
Oracle ≫ Retail Xstore Point Of Service Version7.0
Oracle ≫ Retail Xstore Point Of Service Version7.1
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Apache HTTP Server Privilege Escalation Vulnerability
VulnerabilityApache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 85.73% | 0.993 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.