In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2019-0211 | Apache HTTP Server Privilege Escalation Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
CVE-2019-0211 is a privilege escalation vulnerability in Apache HTTP Server with MPM event, worker, or prefork that allows an attacker to execute code with the privileges of that parent process (usually root).
References
|