Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0211

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Published

2019-04-08T22:29:00.387

Last Modified

2025-04-04T15:34:11.407

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-416
  • Type: Secondary
    CWE-416
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application apache http_server ≤ 2.4.38 Yes
Operating System fedoraproject fedora 28 Yes
Operating System fedoraproject fedora 29 Yes
Operating System fedoraproject fedora 30 Yes
Operating System canonical ubuntu_linux 14.04 Yes
Operating System canonical ubuntu_linux 16.04 Yes
Operating System canonical ubuntu_linux 18.04 Yes
Operating System canonical ubuntu_linux 18.10 Yes
Operating System debian debian_linux 9.0 Yes
Operating System opensuse leap 15.0 Yes
Operating System opensuse leap 42.3 Yes
Application netapp oncommand_unified_manager - Yes
Application redhat jboss_core_services 1.0 Yes
Application redhat openshift_container_platform 3.11 Yes
Application redhat openshift_container_platform_for_power 3.11_ppc64le Yes
Application redhat software_collections 1.0 Yes
Operating System redhat enterprise_linux 8.0 Yes
Operating System redhat enterprise_linux_eus 8.1 Yes
Operating System redhat enterprise_linux_eus 8.2 Yes
Operating System redhat enterprise_linux_eus 8.4 Yes
Operating System redhat enterprise_linux_eus 8.6 Yes
Operating System redhat enterprise_linux_eus 8.8 Yes
Operating System redhat enterprise_linux_for_arm_64 8.0_aarch64 Yes
Operating System redhat enterprise_linux_for_arm_64_eus 8.1_aarch64 Yes
Operating System redhat enterprise_linux_for_arm_64_eus 8.2_aarch64 Yes
Operating System redhat enterprise_linux_for_arm_64_eus 8.4_aarch64 Yes
Operating System redhat enterprise_linux_for_arm_64_eus 8.6_aarch64 Yes
Operating System redhat enterprise_linux_for_arm_64_eus 8.8_aarch64 Yes
Operating System redhat enterprise_linux_for_ibm_z_systems 8.0_s390x Yes
Operating System redhat enterprise_linux_for_ibm_z_systems_eus 8.1_s390x Yes
Operating System redhat enterprise_linux_for_ibm_z_systems_eus 8.2_s390x Yes
Operating System redhat enterprise_linux_for_ibm_z_systems_eus 8.4_s390x Yes
Operating System redhat enterprise_linux_for_ibm_z_systems_eus 8.6_s390x Yes
Operating System redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x Yes
Operating System redhat enterprise_linux_for_power_little_endian 8.0_ppc64le Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.1_ppc64le Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.2_ppc64le Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.4_ppc64le Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.6_ppc64le Yes
Operating System redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le Yes
Operating System redhat enterprise_linux_server_aus 8.2 Yes
Operating System redhat enterprise_linux_server_aus 8.4 Yes
Operating System redhat enterprise_linux_server_aus 8.6 Yes
Operating System redhat enterprise_linux_server_tus 8.2 Yes
Operating System redhat enterprise_linux_server_tus 8.4 Yes
Operating System redhat enterprise_linux_server_tus 8.6 Yes
Operating System redhat enterprise_linux_server_tus 8.8 Yes
Operating System redhat enterprise_linux_update_services_for_sap_solutions 8.0 Yes
Operating System redhat enterprise_linux_update_services_for_sap_solutions 8.1 Yes
Operating System redhat enterprise_linux_update_services_for_sap_solutions 8.4 Yes
Operating System redhat enterprise_linux_update_services_for_sap_solutions 8.6 Yes
Operating System redhat enterprise_linux_update_services_for_sap_solutions 8.8 Yes
Application oracle communications_session_report_manager 8.0.0 Yes
Application oracle communications_session_report_manager 8.1.0 Yes
Application oracle communications_session_report_manager 8.1.1 Yes
Application oracle communications_session_report_manager 8.2.0 Yes
Application oracle communications_session_route_manager 8.0.0 Yes
Application oracle communications_session_route_manager 8.1.0 Yes
Application oracle communications_session_route_manager 8.1.1 Yes
Application oracle communications_session_route_manager 8.2.0 Yes
Application oracle enterprise_manager_ops_center 12.3.3 Yes
Application oracle enterprise_manager_ops_center 12.4.0 Yes
Application oracle http_server 12.2.1.3.0 Yes
Application oracle instantis_enterprisetrack 17.1 Yes
Application oracle instantis_enterprisetrack 17.2 Yes
Application oracle instantis_enterprisetrack 17.3 Yes
Application oracle retail_xstore_point_of_service 7.0 Yes
Application oracle retail_xstore_point_of_service 7.1 Yes
References