
PoC exploit for Carpe Diem Apache bug released
2019-04-09 09:25

Charles Fol, the security engineer who unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a proper exploit. I added tons of comments, it is meant to be educational as well,” he noted, but added that it “might fail for a dozen of reasons.” Still, it might help attackers to create a more stable one and deploy it in attacks, so admins – … The post appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/fbZkLjxFxuc/

Related Vulnerability

Date: 2019-04-08
CVE: CVE-2019-0211
Vulnerability title: Use After Free vulnerability in multiple products
Description: In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
Risk: 7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Apache 281 13 549 713 367 1642