CVE-2019-0211

{"id": "CVE-2019-0211", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-04-08T22:29:00.387", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "tags": ["Broken Link", "Mailing List", "Release Notes", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "tags": ["Broken Link", "Mailing List", "Release Notes", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39", "tags": ["Broken Link", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2019/04/02/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2019/07/26/7", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "http://www.securityfocus.com/bid/107666", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHBA-2019:0959", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0746", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0980", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1296", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1297", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1543", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "tags": ["Release Notes"], "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "tags": ["Release Notes"], "source": "security@apache.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "tags": ["Release Notes"], "source": "security@apache.org"}, {"url": "https://seclists.org/bugtraq/2019/Apr/16", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://seclists.org/bugtraq/2019/Apr/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.gentoo.org/glsa/201904-20", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://support.f5.com/csp/article/K32957101", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://usn.ubuntu.com/3937-1/", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.debian.org/security/2019/dsa-4422", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.exploit-db.com/exploits/46676/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_14", "tags": ["Third Party Advisory"], "source": "security@apache.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "tags": ["Broken Link", "Mailing List", "Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "tags": ["Broken Link", "Mailing List", "Release Notes", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "tags": ["Broken Link", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39", "tags": ["Broken Link", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2019/04/02/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2019/07/26/7", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/107666", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHBA-2019:0959", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0746", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:0980", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1296", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1297", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1543", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Apr/16", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Apr/5", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.gentoo.org/glsa/201904-20", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.f5.com/csp/article/K32957101", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://usn.ubuntu.com/3937-1/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.debian.org/security/2019/dsa-4422", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/46676/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.synology.com/security/advisory/Synology_SA_19_14", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected."}, {"lang": "es", "value": "En Apache HTTP Server 2.4, versiones 2.4.17 a 2.4.38, con el evento MPM, worker o prefork, el c\u00f3digo ejecut\u00e1ndose en procesos hijo (o hilos) menos privilegiados (incluyendo scripts ejecutados por un int\u00e9rprete de scripts en proceso) podr\u00eda ejecutar c\u00f3digo arbitrario con los privilegios del proceso padre (normalmente root) manipulando el marcador. Los sistemas que no son Unix no se ven afectados."}], "lastModified": "2025-04-04T15:34:11.407", "cisaActionDue": "2022-05-03", "cisaExploitAdd": "2021-11-03", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF858A9-701E-44F6-8DB1-36B76C40733A", "versionEndIncluding": "2.4.38", "versionStartIncluding": "2.4.17"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "vulnerable": true, "matchCriteriaId": "B3293E55-5506-4587-A318-D1734F781C09"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9"}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "vulnerable": true, "matchCriteriaId": "3FA5E22C-489B-4C5F-A5F3-C03F45CA8811"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2466282-51AB-478D-9FF4-FA524265ED2E"}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B"}, {"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6005C278-5443-42EA-9D16-220FBF17FC95"}, {"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92BC9265-6959-4D37-BE5E-8C45E98992F8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "831F0F47-3565-4763-B16F-C87B1FF2035E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E3F09B5-569F-4C58-9FCA-3C0953D107B5"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FF1A19F-8A15-471A-B496-E1B4BA788356"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAD7EC1D-5979-42E6-9DA6-355B53431F3B"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE49DCA5-1B01-4478-A1E9-2E87E948A0C1"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "213593D4-EB5A-4A1B-BDF3-3F043C5F6A6C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "00966AC5-1C84-4B5F-9665-5E99D4AEB3A2"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D04F433-CB52-4F3D-8711-39D3BDA27FE3"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07332196-7E36-4E95-81BC-DD959629C1BE"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F505D098-2143-4218-A528-D92BFC017FFD"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "96E5CEC7-D3B9-4895-96E9-E26D2ACF1AE3"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BB28CF82-799F-4A6E-B1DB-0AB423E6C05D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1CA946D-1665-4874-9D41-C7D963DD1F56"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3D1213C-EB9C-4475-9268-86AD947D256E"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3ADDB02D-F377-43CE-B0A8-FC6C7D5CFABC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E881C927-DF96-4D2E-9887-FF12E456B1FB"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB096D5D-E8F6-4164-8B76-0217B7151D30"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01ED4F33-EBE7-4C04-8312-3DA580EFFB68"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532"}, {"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B"}, {"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E"}, {"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24"}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4"}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B"}, {"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache HTTP Server Privilege Escalation Vulnerability"}