In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected. (CVE-2019-0211)

Impact

There is no impact; F5 products are not affected by this vulnerability.

CPENameOperatorVersion
big-iq centralized managementeq5.0.0
big-iq centralized managementeq5.1.0
big-iq centralized managementeq5.2.0
big-iq centralized managementeq5.3.0
big-iq centralized managementeq5.4.0
big-iq centralized managementeq6.0.0
big-iq centralized managementeq6.0.1
big-iq centralized managementeq6.1.0
big-ip afmeq11.5.2
big-ip afmeq11.5.3

Name	Operator	Version
big-iq centralized management	eq	5.0.0
big-iq centralized management	eq	5.1.0
big-iq centralized management	eq	5.2.0
big-iq centralized management	eq	5.3.0
big-iq centralized management	eq	5.4.0
big-iq centralized management	eq	6.0.0
big-iq centralized management	eq	6.0.1
big-iq centralized management	eq	6.1.0
big-ip afm	eq	11.5.2
big-ip afm	eq	11.5.3

Rows per page:

1-10 of 2261

osv 2

veracode 1

slackware 1

exploitpack 1

symantec 2

nessus 29

checkpoint_advisories 1

zdt 1

gentoo 1

ubuntucve 1

debiancve 1

myhack58 2

thn 3

openvas 13

attackerkb 2

cve 1

prion 1

alpinelinux 1

redhatcve 1

httpd 1

cisa_kev 1

packetstorm 1

exploitdb 1

ibm 16

redhat 5

oraclelinux 1

hackerone 1

fedora 3

altlinux 3

suse 3

archlinux 1

ubuntu 1

debian 2

amazon 2

freebsd 1

photon 6

kaspersky 1

qualysblog 1

oracle 3

osv

CVE-2019-0211

2019-04-08 22:29:00

apache2 - security update

2019-04-03 00:00:00

veracode

Arbitrary Code Execution

2019-05-16 03:58:58

slackware

[slackware-security] httpd

2019-04-06 20:06:27

exploitpack

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation

2019-04-08 00:00:00

symantec

Apache HTTP Server CVE-2019-0211 Local Privilege Escalation Vulnerability

2019-04-01 00:00:00

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

nessus

GLSA-201904-20 : Apache: Privilege escalation

2019-04-23 00:00:00

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2019-096-01)

2019-04-08 00:00:00

IBM HTTP Server 7.0.0.0 <= 7.0.0.45 / 8.0.0.0 <= 8.0.0.15 / 8.5.0.0 < 8.5.5.16 / 9.0.0.0 < 9.0.5.0 Multiple Vulnerabilities (880413)

2021-01-06 00:00:00

checkpoint_advisories

Apache HTTP Server File Upload Privilege Escalation (CVE-2019-0211)

2019-04-15 00:00:00

zdt

Apache 2.4.17 < 2.4.38 - apache2ctl graceful (logrotate) Local Privilege Escalation Exploit

2019-04-08 00:00:00

gentoo

Apache: Privilege escalation

2019-04-22 00:00:00

ubuntucve

CVE-2019-0211

2019-04-02 00:00:00

debiancve

CVE-2019-0211

2019-04-08 22:29:00

myhack58

Apache HTTP Server components to mention the right vulnerability alerts-a vulnerability alert-the black bar safety net

2019-04-03 00:00:00

Apache mention the right vulnerability, CVE-2019-0211）step on the pit-vulnerability warning-the black bar safety net

2019-04-15 00:00:00

thn

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

2023-12-15 11:08:00

Why Everyone Needs to Take the Latest CISA Directive Seriously

2021-12-03 09:23:00

New Apache Web Server Bug Threatens Security of Shared Web Hosts

2019-04-02 17:38:00

openvas

Slackware: Security Advisory (SSA:2019-096-01)

2022-04-21 00:00:00

Apache HTTP Server < 2.4.39 Privilege Escalation Vulnerability - Linux

2019-04-08 00:00:00

Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities

2020-09-02 00:00:00

attackerkb

CVE-2019-0211

2019-04-08 00:00:00

CVE-2019-0211

2019-04-08 00:00:00

cve

CVE-2019-0211

2019-04-08 22:29:00

prion

Code injection

2019-04-08 22:29:00

alpinelinux

CVE-2019-0211

2019-04-08 22:29:00

redhatcve

CVE-2019-0211

2020-04-03 13:58:57

httpd

Apache Httpd < 2.4.39 : Apache HTTP Server privilege escalation from modules' scripts

2019-02-22 00:00:00

cisa_kev

Apache HTTP Server Privilege Escalation Vulnerability

2021-11-03 00:00:00

packetstorm

CARPE (DIEM) Apache 2.4.x Local Privilege Escalation

2019-04-08 00:00:00

exploitdb

Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

2019-04-08 00:00:00

ibm

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Tivoli Security Policy Manager (CVE-2019-0220)

2019-05-02 22:10:01

Security Bulletin: Security vulnerabilities have been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2019-0211, CVE-2019-0220)

2019-05-07 03:55:01

Security Bulletin: IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Edition is affected by HTTP Server vulnerabilities

2019-10-21 07:20:12

redhat

(RHSA-2019:0746) Important: httpd24-httpd and httpd24-mod_auth_mellon security update

2019-04-11 11:39:02

(RHSA-2019:0980) Important: httpd:2.4 security update

2019-05-07 03:39:54

(RHSA-2019:1296) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

2019-05-30 14:46:35

oraclelinux

httpd:2.4 security update

2019-07-30 00:00:00

hackerone

Internet Bug Bounty: Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation

2019-04-02 15:17:43

fedora

[SECURITY] Fedora 28 Update: httpd-2.4.39-1.1.fc28

2019-05-14 01:06:32

[SECURITY] Fedora 29 Update: httpd-2.4.39-2.fc29

2019-04-06 19:44:50

[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30

2019-04-05 00:03:02

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.39-alt1

2019-04-02 00:00:00

Security fix for the ALT Linux 8 package apache2 version 1:2.4.39-alt1

2019-04-03 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.39-alt1

2019-04-02 00:00:00

suse

Security update for apache2 (important)

2019-04-16 00:00:00

Security update for apache2 (important)

2019-04-23 00:00:00

Security update for apache2 (important)

2019-04-11 00:00:00

archlinux

[ASA-201904-3] apache: multiple issues

2019-04-05 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2019-04-04 00:00:00

debian

[SECURITY] [DSA 4422-1] apache2 security update

2019-04-03 09:10:59

[SECURITY] [DSA 4422-1] apache2 security update

2019-04-03 09:10:59

amazon

Important: httpd24

2019-04-05 20:05:00

Important: httpd

2019-04-04 21:49:00

freebsd

Apache -- Multiple vulnerabilities

2019-04-01 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0230

2019-04-30 00:00:00

Important Photon OS Security Update - PHSA-2019-0013

2019-04-30 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0157

2019-05-03 00:00:00

kaspersky

KLA12365 Multiple vulnerabilities in Apache HTTP Server

2019-04-01 00:00:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - July 2019

2019-07-16 00:00:00

Oracle Critical Patch Update Advisory - April 2020

2020-04-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.974 High

EPSS

Percentile

99.9%

JSON

Related for F5:K32957101