exploit the possibilities
Showing 1 - 11 of 11 RSS Feed

CVE-2019-0211

Status Candidate

Overview

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Related Files

Red Hat Security Advisory 2019-1543-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-14404, CVE-2019-0211
MD5 | 014d05dc10107dd19f55f53e14cf431a
Red Hat Security Advisory 2019-1297-01
Posted May 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1297-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. It addresses denial of service and privilege escalation vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2019-0211
MD5 | f5f4d5eb277ad7396bb2fac8298aa1e5
Red Hat Security Advisory 2019-1296-01
Posted May 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1296-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. It addresses denial of service and privilege escalation vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2019-0211
MD5 | 645515b920ebbba980d69a1fe451f76e
Red Hat Security Advisory 2019-0980-01
Posted May 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0980-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-0211, CVE-2019-0215
MD5 | cd34c9ea389493608d01d4a7e0493294
Gentoo Linux Security Advisory 201904-20
Posted Apr 22, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-20 - A vulnerability in Apache might allow an attacker to escalate privileges. Versions less than 2.4.39 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2019-0211
MD5 | ced15922354e671e4c0a351a6c423500
Red Hat Security Advisory 2019-0746-01
Posted Apr 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0746-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-0211, CVE-2019-3878
MD5 | 7b1d8e194f2b9021ebf0ab857ca5e4d2
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
Posted Apr 8, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 up to 2.4.38 apache2ctl graceful logrotate local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2019-0211
MD5 | 5c83e7c4b08d7c21ba57dab3c4dc0116
Slackware Security Advisory - httpd Updates
Posted Apr 8, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-0211
MD5 | b380ff7c61ee45cfbfe8797c825b8e72
Ubuntu Security Notice USN-3937-1
Posted Apr 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220
MD5 | 4c5be938f6500ff73e08b36e651987a9
Apache 2.4.38 Root Privilege Escalation
Posted Apr 4, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.

tags | exploit, arbitrary, local, root
advisories | CVE-2019-0211
MD5 | a10477996e9695e8e509d183fa786a50
Debian Security Advisory 4422-1
Posted Apr 3, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4422-1 - Several vulnerabilities have been found in the Apache HTTP server.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220
MD5 | 79f884c8d6e40c65c035fb404d7b9ed4
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    25 Files
  • 17
    Oct 17th
    17 Files
  • 18
    Oct 18th
    3 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close