Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Remediation

References

CVE-2019-0211

Related Vulnerabilities

WordPress Plugin Showbiz Pro Responsive Teaser Arbitrary File Upload (1.7.1)

WordPress Plugin Bannerlid Cross-Site Scripting (1.1.0)

PHP Cryptographic Issues Vulnerability (CVE-2012-2143)

Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39128)

WordPress Plugin Contest Gallery-Photo Contest for WordPress Cross-Site Request Forgery (10.4.1.1)

Severity

High

Classification

CVE-2019-0211 CWE-416 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities