Description
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Remediation
References
Related Vulnerabilities
Oracle Application Server Other Vulnerability (CVE-2007-2119)
WordPress Plugin Delightful Downloads Directory Traversal (1.6.6)
WordPress Plugin Event Calendar WD-Responsive Event Calendar Cross-Site Scripting (1.0.93)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (3.9.4)