In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

OSVersionArchitecturePackageVersionFilename
Debian12allapache2< 2.4.38-3apache2_2.4.38-3_all.deb
Debian11allapache2< 2.4.38-3apache2_2.4.38-3_all.deb
Debian999allapache2< 2.4.38-3apache2_2.4.38-3_all.deb
Debian13allapache2< 2.4.38-3apache2_2.4.38-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	< 2.4.38-3	apache2_2.4.38-3_all.deb
Debian	11	all	apache2	< 2.4.38-3	apache2_2.4.38-3_all.deb
Debian	999	all	apache2	< 2.4.38-3	apache2_2.4.38-3_all.deb
Debian	13	all	apache2	< 2.4.38-3	apache2_2.4.38-3_all.deb

nessus 29

checkpoint_advisories 1

ubuntucve 1

nvd 1

zdt 1

gentoo 1

attackerkb 2

thn 3

openvas 13

myhack58 2

cve 1

slackware 1

veracode 1

osv 2

symantec 2

exploitpack 1

cisa_kev 1

cvelist 1

redhatcve 1

httpd 1

packetstorm 1

f5 1

alpinelinux 1

prion 1

exploitdb 1

ibm 16

redhat 5

oraclelinux 1

hackerone 1

fedora 3

altlinux 3

suse 3

debian 2

archlinux 1

ubuntu 1

kaspersky 1

photon 6

freebsd 1

amazon 2

qualysblog 1

oracle 3

nessus

Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2019-096-01)

2019-04-08 00:00:00

GLSA-201904-20 : Apache: Privilege escalation

2019-04-23 00:00:00

RHEL 8 : httpd:2.4 (RHSA-2019:0980)

2019-05-07 00:00:00

checkpoint_advisories

Apache HTTP Server File Upload Privilege Escalation (CVE-2019-0211)

2019-04-15 00:00:00

ubuntucve

CVE-2019-0211

2019-04-02 00:00:00

nvd

CVE-2019-0211

2019-04-08 22:29:00

zdt

Apache 2.4.17 < 2.4.38 - apache2ctl graceful (logrotate) Local Privilege Escalation Exploit

2019-04-08 00:00:00

gentoo

Apache: Privilege escalation

2019-04-22 00:00:00

attackerkb

CVE-2019-0211

2019-04-08 00:00:00

CVE-2019-0211

2019-04-08 00:00:00

thn

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

2023-12-15 11:08:00

Why Everyone Needs to Take the Latest CISA Directive Seriously

2021-12-03 09:23:00

New Apache Web Server Bug Threatens Security of Shared Web Hosts

2019-04-02 17:38:00

openvas

Slackware: Security Advisory (SSA:2019-096-01)

2022-04-21 00:00:00

Apache HTTP Server < 2.4.39 Privilege Escalation Vulnerability - Linux

2019-04-08 00:00:00

Western Digital My Cloud Multiple Products < 2.31.183 Multiple Vulnerabilities

2020-09-02 00:00:00

myhack58

Apache HTTP Server components to mention the right vulnerability alerts-a vulnerability alert-the black bar safety net

2019-04-03 00:00:00

Apache mention the right vulnerability, CVE-2019-0211）step on the pit-vulnerability warning-the black bar safety net

2019-04-15 00:00:00

cve

CVE-2019-0211

2019-04-08 22:29:00

slackware

[slackware-security] httpd

2019-04-06 20:06:27

veracode

Arbitrary Code Execution

2019-05-16 03:58:58

osv

CVE-2019-0211

2019-04-08 22:29:00

apache2 - security update

2019-04-03 00:00:00

symantec

Apache HTTP Server CVE-2019-0211 Local Privilege Escalation Vulnerability

2019-04-01 00:00:00

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

exploitpack

Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation

2019-04-08 00:00:00

cisa_kev

Apache HTTP Server Privilege Escalation Vulnerability

2021-11-03 00:00:00

cvelist

CVE-2019-0211

2019-04-08 21:31:09

redhatcve

CVE-2019-0211

2020-04-03 13:58:57

httpd

Apache Httpd < 2.4.39 : Apache HTTP Server privilege escalation from modules' scripts

2019-02-22 00:00:00

packetstorm

CARPE (DIEM) Apache 2.4.x Local Privilege Escalation

2019-04-08 00:00:00

K32957101 : Apache HTTPD vulnerability CVE-2019-0211

2019-04-11 00:00:00

alpinelinux

CVE-2019-0211

2019-04-08 22:29:00

prion

Code injection

2019-04-08 22:29:00

exploitdb

Apache 2.4.17 < 2.4.38 - 'apache2ctl graceful' 'logrotate' Local Privilege Escalation

2019-04-08 00:00:00

ibm

Security Bulletin: Multiple Apache HTTP Server vulnerabilities in IBM WebSphere Application Server shipped with IBM Tivoli Netcool Performance Manager (CVE-2019-0211 CVE-2019-0220)

2019-05-09 10:25:01

Security Bulletin: Multiple Vulnerabilities in IBM HTTP Server bundled with IBM Cloud Pak System (CVE-2019-0211 CVE-2019-0220)

2019-09-24 09:08:07

Security Bulletin: A security vulnerability has been identified in IBM HTTP Server, a component of IBM WebSphere Application Server, which is shipped with, or a required product for, IBM Tivoli Netcool Configuration Manager (CVE-2019-0211, CVE-2019-0220)

2023-06-28 22:14:09

redhat

(RHSA-2019:0746) Important: httpd24-httpd and httpd24-mod_auth_mellon security update

2019-04-11 11:39:02

(RHSA-2019:0980) Important: httpd:2.4 security update

2019-05-07 03:39:54

(RHSA-2019:1296) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP2 security update

2019-05-30 14:46:35

oraclelinux

httpd:2.4 security update

2019-07-30 00:00:00

hackerone

Internet Bug Bounty: Apache HTTP [2.4.17-2.4.38] Local Root Privilege Escalation

2019-04-02 15:17:43

fedora

[SECURITY] Fedora 28 Update: httpd-2.4.39-1.1.fc28

2019-05-14 01:06:32

[SECURITY] Fedora 29 Update: httpd-2.4.39-2.fc29

2019-04-06 19:44:50

[SECURITY] Fedora 30 Update: httpd-2.4.39-2.fc30

2019-04-05 00:03:02

altlinux

Security fix for the ALT Linux 10 package apache2 version 1:2.4.39-alt1

2019-04-02 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.39-alt1

2019-04-02 00:00:00

Security fix for the ALT Linux 8 package apache2 version 1:2.4.39-alt1

2019-04-03 00:00:00

suse

Security update for apache2 (important)

2019-04-23 00:00:00

Security update for apache2 (important)

2019-04-16 00:00:00

Security update for apache2 (important)

2019-04-11 00:00:00

debian

[SECURITY] [DSA 4422-1] apache2 security update

2019-04-03 09:10:59

[SECURITY] [DSA 4422-1] apache2 security update

2019-04-03 09:10:59

archlinux

[ASA-201904-3] apache: multiple issues

2019-04-05 00:00:00

ubuntu

Apache HTTP Server vulnerabilities

2019-04-04 00:00:00

kaspersky

KLA12365 Multiple vulnerabilities in Apache HTTP Server

2019-04-01 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0230

2019-04-30 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0157

2019-05-03 00:00:00

Important Photon OS Security Update - PHSA-2019-0013

2019-04-30 00:00:00

freebsd

Apache -- Multiple vulnerabilities

2019-04-01 00:00:00

amazon

Important: httpd24

2019-04-05 20:05:00

Important: httpd

2019-04-04 21:49:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - July 2019

2019-07-16 00:00:00

Oracle Critical Patch Update Advisory - April 2020

2020-04-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON

Related for DEBIANCVE:CVE-2019-0211