Attacker Value
Moderate
(1 user assessed)
Exploitability
Moderate
(1 user assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
1

CVE-2019-0211

Disclosure Date: April 08, 2019
Exploited in the Wild
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Initial Access
Techniques
Validation
Validated
Validated
Validated

Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Add Assessment

2
Ratings
Technical Analysis

A vulnerability in Apache server versions 2.4.17–2.4.38 caused by an out-of-bounds array access can lead to an arbitrary function call. An attacker can trigger this to execute code in the context of the parent Apache process which often runs as root. In order for the exploit to trigger however, the Apache process must gracefully restart. This can be done on demand using apache2ctl graceful, but is also done automatically once at day by the logrotate utility (according to the original disclosure).

This exploit is a Local Privilege Escalation (LPE) vulnerability, so an attacker would already need to have some control on the system. This likely could be achieved through some kind of application vulnerability depending on what the Apache server is running.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Vendors

  • apache,
  • canonical,
  • debian,
  • fedoraproject,
  • opensuse

Products

  • debian linux 9.0,
  • fedora 29,
  • fedora 30,
  • http server,
  • leap 15.0,
  • leap 42.3,
  • ubuntu linux 14.04,
  • ubuntu linux 16.04,
  • ubuntu linux 18.04,
  • ubuntu linux 18.10

Exploited in the Wild

Reported by:

References

Advisory

Additional Info

Technical Analysis