Description
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
Remediation
References
Related Vulnerabilities
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-5899)
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)
OpenVPN AS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2061)
Django Insufficiently Protected Credentials Vulnerability (CVE-2018-16984)
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (6.3.0)