PoC exploit for Carpe Diem Apache bug released

2019-04-09 09:25

Charles Fol, the security engineer that unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a proper exploit. I added tons of comments, it is meant to be educational as well,” he noted, but added that it “might fail for a dozen of reasons.” Still, it might help attackers to create a more stable one and deploy it in attacks, so admins – … More → The post PoC exploit for Carpe Diem Apache bug released appeared first on Help Net Security.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/fbZkLjxFxuc/

#apache #exploit #POC #CVE-2019-0211

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2019-04-08	CVE-2019-0211	Use After Free vulnerability in multiple products In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. local low complexity apache fedoraproject canonical debian opensuse netapp redhat oracle CWE-416	7.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apache		281	13	544	711	366	1634