CISA KEV Information
| Vulnerability name | Apache HTTP Server Privilege Escalation Vulnerability |
|---|---|
| Description | Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard. |
| Required action | Apply updates per vendor instructions. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-416 |
| Date added (KEV) | 2021-11-03 |
| Due date | 2022-05-03 |
| Additional notes | https://nvd.nist.gov/vuln/detail/CVE-2019-0211 |
NVD Details
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C
Description: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
CWE: CWE-416
References
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html [Broken Link, Mailing List, Release Notes, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html [Broken Link, Mailing List, Release Notes, Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html [Broken Link, Third Party Advisory]
- http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://www.apache.org/dist/httpd/CHANGES_2.4.39 [Broken Link, Vendor Advisory]
- http://www.openwall.com/lists/oss-security/2019/04/02/3 [Mailing List, Third Party Advisory]
- http://www.openwall.com/lists/oss-security/2019/07/26/7 [Mailing List]
- http://www.securityfocus.com/bid/107666 [Broken Link, Third Party Advisory, VDB Entry]
- https://access.redhat.com/errata/RHBA-2019:0959 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:0746 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:0980 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:1296 [Third Party Advisory]
- https://access.redhat.com/errata/RHSA-2019:1297 [Third Party Advisory]
- ... and 88 more
This product uses the NVD API but is not endorsed or certified by the NVD.