REQUEST A DEMO
Mitigation Instructions for CVE-2019-11043
November 29, 2024
Mitigation Instructions for CVE-2018-7600
November 29, 2024

Mitigation Instructions for CVE-2019-0211

by CyRisk

SUBJECT: CVE-2019-0211 Apache HTTP Server scoreboard RCE Vulnerability

TECH STACK: Apache HTTP Server v. 2.4.17 to 2.4.38

DATE(S) ISSUED: 20220407

CRITICALITY: 7.8

OVERVIEW:

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

THREAT INTELLIGENCE:

Exploit code for this vulnerability exists and it is actively being exploited by malicious threat actors.

SOLUTION:

System administrators can patch the flaw by updating their servers to Apache httpd version 2.4.39. Developers, programmers, and system admins that use Apache should also employ the principle of least privilege to prevent threats that may exploit related vulnerabilities.

REFERENCES:

NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-0211

APACHE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211

APACHE Downloads: https://httpd.apache.org/download.cgi

Leave a Reply

General Instructions for Upgrading an Apache HTTP Server to the Latest Version

November 26, 2024 by Kevin Lackey

Mitigation Instructions for CVE-2020-15778

November 26, 2024 by Kevin Lackey

    Mitigation Instructions for CVE-2014-4078

    November 26, 2024 by Kevin Lackey

    Discover more from CyRisk

    Subscribe now to keep reading and get access to the full archive.

    Continue reading