7.2
CVSSv2

CVE-2019-0211

Published: 08/04/2019 Updated: 24/04/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 704
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A vulnerability in the Apache HTTP Server could allow a local malicious user to execute arbitrary code on a targeted system. The vulnerability exists because worker or prefork MPM events mishandle code that is executed in less-privileged child processes or threads. An attacker could exploit this vulnerability by accessing the system and manipulating the scoreboard used for parent and child inter-communications. A successful exploit could allow the malicious user to execute arbitrary code in the security context of the parent process, which is typically root. Apache has confirmed the vulnerability and released software updates.

Vulnerability Trend

Affected Products

Vendor Product Versions
ApacheHttp Server2.4.17, 2.4.18, 2.4.19, 2.4.20, 2.4.21, 2.4.22, 2.4.23, 2.4.24, 2.4.25, 2.4.26, 2.4.27, 2.4.28, 2.4.29, 2.4.30, 2.4.32, 2.4.33, 2.4.34, 2.4.35, 2.4.36, 2.4.37, 2.4.38
CanonicalUbuntu Linux14.04, 16.04, 18.04, 18.10
DebianDebian Linux9.0
FedoraprojectFedora29, 30
OpensuseLeap15.0, 42.3

Vendor Advisories

Synopsis Important: httpd24-httpd and httpd24-mod_auth_mellon security update Type/Severity Security Advisory: Important Topic An update for httpd24-httpd and httpd24-mod_auth_mellon is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact ...
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard (CVE-2019-0211 ) ...
Severity Unknown Remote Unknown Type Unknown Description AVG-946 apache 2438-1 2439-1 Medium Testing ...
Several security issues were fixed in the Apache HTTP Server ...
Several vulnerabilities have been found in the Apache HTTP server CVE-2018-17189 Gal Goldshtein of F5 Networks discovered a denial of service vulnerability in mod_http2 By sending malformed requests, the http/2 stream for that request unnecessarily occupied a server thread cleaning up incoming data, resulting in denial of service ...
In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard (CVE-2019-0211 ) ...
There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server CVE-2019-0211 affects version 9 non-windows platforms only ...

Exploits

<?php # CARPE (DIEM): CVE-2019-0211 Apache Root Privilege Escalation # Charles Fol # @cfreal_ # 2019-04-08 # # INFOS # # cfrealgithubio/carpe-diem-cve-2019-0211-apache-local-roothtml # # USAGE # # 1 Upload exploit to Apache HTTP server # 2 Send request to page # 3 Await 6:25AM for logrotate to restart Apache # 4 python35 is now s ...

Mailing Lists

Apache versions 2417 up to 2438 apache2ctl graceful logrotate local privilege escalation exploit ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2019-096-01) New httpd packages are available for Slackware 140, 141, 142, and -current to fix a security issue Here are the details from the Slackware 142 ChangeLog: +--------------------------+ patches/packages/httpd-2439-i586-1_slack142txz: Upgraded T ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4422-1 security () debian org wwwdebianorg/security/ Stefan Fritsch April 03, 2019 wwwdebianorg/security/faq ...
CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts Severity: important Vendor: The Apache Software Foundation Versions Affected: httpd 2417 to 2438 Description: In Apache HTTP Server 24 releases 2417 to 2438, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (inclu ...

Github Repositories

数据年报 数据月报-3月 201904 信息源与信息类型占比 微信公众号 推荐 nickname_english weixin_no url title 国防科技要闻 CDSTIC mpweixinqqcom/s/LXR853Z4E5peVYq89tXKZA DARPA 2020财年研发预算 人工智能应用研究投资急剧增长 天融信阿尔法实验室 mpweixinqqcom/s/kwp5uxom7Amrj6S_-g8r4Q 天融信

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

A patchy Apache a-patchin: HTTP server gets fix for worrying root access hole
The Register • Shaun Nichols in San Francisco • 03 Apr 2019

Rogue 'worker' processes can sneak in with elevated privileges at startup

Apache HTTP Server has been given a patch to address a potentially serious elevation of privilege vulnerability.
Designated CVE-2019-0211, the flaw allows a "worker" process to change its privileges when the host server resets itself, potentially allowing anyone with a local account to run commands with root clearance, essentially giving them complete control over the targeted machine.
The bug was discovered by researcher Charles Fol of security shop Ambionics, who privately reported...

References

CWE-264http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.htmlhttp://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.htmlhttp://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.htmlhttp://www.apache.org/dist/httpd/CHANGES_2.4.39http://www.openwall.com/lists/oss-security/2019/04/02/3http://www.securityfocus.com/bid/107666https://access.redhat.com/errata/RHSA-2019:0746https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e@%3Cdev.community.apache.org%3Ehttps://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa@%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28@%3Cdev.community.apache.org%3Ehttps://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e@%3Cdev.community.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/https://seclists.org/bugtraq/2019/Apr/16https://seclists.org/bugtraq/2019/Apr/5https://security.gentoo.org/glsa/201904-20https://security.netapp.com/advisory/ntap-20190423-0001/https://support.f5.com/csp/article/K32957101https://usn.ubuntu.com/3937-1/https://www.debian.org/security/2019/dsa-4422https://www.exploit-db.com/exploits/46676/https://www.rapid7.com/db/vulnerabilities/debian-cve-2019-0211https://www.exploit-db.com/exploits/46676https://nvd.nist.govhttps://usn.ubuntu.com/3937-1/https://tools.cisco.com/security/center/viewAlert.x?alertId=59917