CVE-2019-0211
| CVE Published | 2019-04-08 |
|---|---|
| Related CWE(s) | CWE-416: Use After Free |
| Related Vendor(s) | oracle, netapp, debian, redhat, fedoraproject, apache, canonical, opensuse |
| Related Product(s) | enterprise_linux_for_arm_64, communications_session_route_manager, oncommand_unified_manager, enterprise_linux_eus, enterprise_linux_server_tus, enterprise_linux_for_arm_64_eus, enterprise_linux_server_aus, openshift_container_platform_for_power, ubuntu_linux, enterprise_linux_update_services_for_sap_solutions, enterprise_linux_for_power_little_endian_eus, instantis_enterprisetrack, enterprise_linux_for_ibm_z_systems, openshift_container_platform, retail_xstore_point_of_service, enterprise_linux_for_ibm_z_systems_eus, enterprise_manager_ops_center, jboss_core_services, enterprise_linux, enterprise_linux_for_power_little_endian, fedora, http_server, software_collections, debian_linux, leap, communications_session_report_manager |
| Exploitation Reported (CISA KEV) | 2021-11-03 |
| CVSS 3 Base Score | 7.8 (HIGH) |
| CVSS 3 Attack Complexity | LOW |
| CVSS 3 Attack Vector | LOCAL |
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Cyber Threat Graph Context
Explore how this CVE relates to the wider threat graph