Description
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP e-Commerce Shop Styling Remote File Inclusion (1.7.2)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall Local File Inclusion (4.18.63)
Phusion Passenger Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2119)
Oracle Application Server CVE-2010-0070 Vulnerability (CVE-2010-0070)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4340)