Security News > 2019 > April > Patched Apache flaw is a serious threat for web hosting providers

Patched Apache flaw is a serious threat for web hosting providers
2019-04-03 11:04

Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via scripts and could allow unprivileged web host users to execute code with root privileges, i.e. allow them to gain complete control of the machine. About CVE-2019-0211 Discovered by security researcher Charles Fol and dubbed Carpe Diem, the vulnerability affects only Apache HTTP Server on Unix systems. “In Apache HTTP … More → The post Patched Apache flaw is a serious threat for web hosting providers appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/DqIvsuI-Kyw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642