Lucene search

K
cvelistApacheCVELIST:CVE-2019-0211
HistoryApr 08, 2019 - 9:31 p.m.

CVE-2019-0211

2019-04-0821:31:09
apache
www.cve.org

7.2 High

AI Score

Confidence

High

0.974 High

EPSS

Percentile

99.9%

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CNA Affected

[
  {
    "product": "Apache HTTP Server",
    "vendor": "Apache",
    "versions": [
      {
        "status": "affected",
        "version": "2.4.17 to 2.4.38"
      }
    ]
  }
]

References