CyberSec.Space Logo
Back to CVE Browser

CVE-2019-0211

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score50.0370%
EPSS Percentile86.14th
PublishedApr 8, 2019
Last ModifiedOct 27, 2025

Vulnerability Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Affected Platforms (CPE)

πŸ“¦
Apache

Http Server

>= 2.4.17 and <= 2.4.38
πŸ’»
Fedoraproject

Fedora

= 28
πŸ’»
Fedoraproject

Fedora

= 29
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Canonical

Ubuntu Linux

= 14.04
πŸ’»
Canonical

Ubuntu Linux

= 16.04
πŸ’»
Canonical

Ubuntu Linux

= 18.04
πŸ’»
Canonical

Ubuntu Linux

= 18.10
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Opensuse

Leap

= 42.3
πŸ“¦
Netapp

Oncommand Unified Manager

All versions
πŸ“¦
Redhat

Jboss Core Services

= 1.0
πŸ“¦
Redhat

Openshift Container Platform

= 3.11
πŸ“¦
Redhat

Openshift Container Platform For Power

= 3.11_ppc64le
πŸ“¦
Redhat

Software Collections

= 1.0
πŸ’»
Redhat

Enterprise Linux

= 8.0
πŸ’»
Redhat

Enterprise Linux Eus

= 8.1
πŸ’»
Redhat

Enterprise Linux Eus

= 8.2
πŸ’»
Redhat

Enterprise Linux Eus

= 8.4
πŸ’»
Redhat

Enterprise Linux Eus

= 8.6
πŸ’»
Redhat

Enterprise Linux Eus

= 8.8
πŸ’»
Redhat

Enterprise Linux For Arm 64

= 8.0_aarch64
πŸ’»
Redhat

Enterprise Linux For Arm 64 Eus

= 8.1_aarch64
πŸ’»
Redhat

Enterprise Linux For Arm 64 Eus

= 8.2_aarch64
πŸ’»
Redhat

Enterprise Linux For Arm 64 Eus

= 8.4_aarch64
πŸ’»
Redhat

Enterprise Linux For Arm 64 Eus

= 8.6_aarch64
πŸ’»
Redhat

Enterprise Linux For Arm 64 Eus

= 8.8_aarch64
πŸ’»
Redhat

Enterprise Linux For Ibm Z Systems

= 8.0_s390x
πŸ’»
Redhat

Enterprise Linux For Ibm Z Systems Eus

= 8.1_s390x
πŸ’»
Redhat

Enterprise Linux For Ibm Z Systems Eus

= 8.2_s390x
πŸ’»
Redhat

Enterprise Linux For Ibm Z Systems Eus

= 8.4_s390x
πŸ’»
Redhat

Enterprise Linux For Ibm Z Systems Eus

= 8.6_s390x
πŸ’»
Redhat

Enterprise Linux For Ibm Z Systems Eus

= 8.8_s390x
πŸ’»
Redhat

Enterprise Linux For Power Little Endian

= 8.0_ppc64le
πŸ’»
Redhat

Enterprise Linux For Power Little Endian Eus

= 8.1_ppc64le
πŸ’»
Redhat

Enterprise Linux For Power Little Endian Eus

= 8.2_ppc64le
πŸ’»
Redhat

Enterprise Linux For Power Little Endian Eus

= 8.4_ppc64le
πŸ’»
Redhat

Enterprise Linux For Power Little Endian Eus

= 8.6_ppc64le
πŸ’»
Redhat

Enterprise Linux For Power Little Endian Eus

= 8.8_ppc64le
πŸ’»
Redhat

Enterprise Linux Server Aus

= 8.2
πŸ’»
Redhat

Enterprise Linux Server Aus

= 8.4
πŸ’»
Redhat

Enterprise Linux Server Aus

= 8.6
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.2
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.4
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.6
πŸ’»
Redhat

Enterprise Linux Server Tus

= 8.8
πŸ’»
Redhat

Enterprise Linux Update Services For Sap Solutions

= 8.0
πŸ’»
Redhat

Enterprise Linux Update Services For Sap Solutions

= 8.1
πŸ’»
Redhat

Enterprise Linux Update Services For Sap Solutions

= 8.4
πŸ’»
Redhat

Enterprise Linux Update Services For Sap Solutions

= 8.6
πŸ’»
Redhat

Enterprise Linux Update Services For Sap Solutions

= 8.8
πŸ“¦
Oracle

Communications Session Report Manager

= 8.0.0
πŸ“¦
Oracle

Communications Session Report Manager

= 8.1.0
πŸ“¦
Oracle

Communications Session Report Manager

= 8.1.1
πŸ“¦
Oracle

Communications Session Report Manager

= 8.2.0
πŸ“¦
Oracle

Communications Session Route Manager

= 8.0.0
πŸ“¦
Oracle

Communications Session Route Manager

= 8.1.0
πŸ“¦
Oracle

Communications Session Route Manager

= 8.1.1
πŸ“¦
Oracle

Communications Session Route Manager

= 8.2.0
πŸ“¦
Oracle

Enterprise Manager Ops Center

= 12.3.3
πŸ“¦
Oracle

Enterprise Manager Ops Center

= 12.4.0
πŸ“¦
Oracle

Http Server

= 12.2.1.3.0
πŸ“¦
Oracle

Instantis Enterprisetrack

= 17.1
πŸ“¦
Oracle

Instantis Enterprisetrack

= 17.2
πŸ“¦
Oracle

Instantis Enterprisetrack

= 17.3
πŸ“¦
Oracle

Retail Xstore Point Of Service

= 7.0
πŸ“¦
Oracle

Retail Xstore Point Of Service

= 7.1

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html
πŸ”— http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html
πŸ”— http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html
πŸ”— http://www.apache.org/dist/httpd/CHANGES_2.4.39
πŸ”— http://www.openwall.com/lists/oss-security/2019/04/02/3

Related Vulnerabilities

CVE-2020-2506610.0

A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of servi...

CVE-2018-1881510.0

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO Ja...

CVE-2018-403110.0

An exploitable vulnerability exists in the safe browsing function of the CUJO Smart Firewall, version 7003. The flaw lies in the w...

CVE-2020-2628210.0

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR f...