exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2019-0211

Status Candidate

Overview

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Related Files

Red Hat Security Advisory 2019-1543-01
Posted Jun 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1543-01 - This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. Issues addressed include denial of service, null pointer, and out of bounds write vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2018-1000005, CVE-2018-1000007, CVE-2018-1000120, CVE-2018-1000122, CVE-2018-14404, CVE-2019-0211
SHA-256 | 87a60175fe0e0dde7ae7865168e89fd3521aa1306210d2d9c8b32e05f763b1a9
Red Hat Security Advisory 2019-1297-01
Posted May 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1297-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.29 Service Pack 2 serves as an update to Red Hat JBoss Core Services Apache HTTP Server 2.4.29, and includes bug fixes for CVEs which are linked to in the References section. It addresses denial of service and privilege escalation vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2019-0211
SHA-256 | 1d3819c3a795696655f8712247c8df410655f69b1a073bb7b1b32d9271562472
Red Hat Security Advisory 2019-1296-01
Posted May 30, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-1296-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. This release adds the new Apache HTTP Server 2.4.29 Service Pack 2 packages that are part of the JBoss Core Services offering. It serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.29 SP1, and includes bug fixes and enhancements. It addresses denial of service and privilege escalation vulnerabilities.

tags | advisory, web, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-0495, CVE-2018-0732, CVE-2019-0211
SHA-256 | 5ed148ee5c1aa1a8483ec13ffbf8a1df403d3b3e5e5aa321f31d0c7e9dc09b53
Red Hat Security Advisory 2019-0980-01
Posted May 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0980-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-0211, CVE-2019-0215
SHA-256 | 0d471fc4d79ad4660814e40b39efce40484b416271cee12b400763cc07a0892b
Gentoo Linux Security Advisory 201904-20
Posted Apr 22, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201904-20 - A vulnerability in Apache might allow an attacker to escalate privileges. Versions less than 2.4.39 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2019-0211
SHA-256 | 2cdba9d32af03109ac1eff106634e51e531f016a5c8f2f4ca8d95ed2ff604c97
Red Hat Security Advisory 2019-0746-01
Posted Apr 11, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-0746-01 - The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of version 2.4 of the Apache HTTP Server, along with the mod_auth_kerb module. Issues addressed include a bypass vulnerability.

tags | advisory, web, bypass
systems | linux, redhat
advisories | CVE-2019-0211, CVE-2019-3878
SHA-256 | 202bd8c08a315a52b0d871b6653eba41c7ffe2586133300b1cfc9f7fb04287e6
CARPE (DIEM) Apache 2.4.x Local Privilege Escalation
Posted Apr 8, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 up to 2.4.38 apache2ctl graceful logrotate local privilege escalation exploit.

tags | exploit, local
advisories | CVE-2019-0211
SHA-256 | 3319265a25f9489c7617752a0f4a299d38530c30caf7932b9bb2b32075e9f1b7
Slackware Security Advisory - httpd Updates
Posted Apr 8, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New httpd packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-0211
SHA-256 | 9be71db2b131b2b10709f7b3ee6d53e6af06d87b4d850361ae89afcf06e5a270
Ubuntu Security Notice USN-3937-1
Posted Apr 4, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3937-1 - Charles Fol discovered that the Apache HTTP Server incorrectly handled the scoreboard shared memory area. A remote attacker able to upload and run scripts could possibly use this issue to execute arbitrary code with root privileges. It was discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain requests. A remote attacker could possibly use this issue to cause the server to consume resources, leading to a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 18.10. Various other issues were also addressed.

tags | advisory, remote, web, denial of service, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220
SHA-256 | c17a43ba53d0845a663b1213936884d7465b45def0d79156050131ef37d78a6d
Apache 2.4.38 Root Privilege Escalation
Posted Apr 4, 2019
Authored by Charles FOL | Site cfreal.github.io

Apache versions 2.4.17 through 2.4.38 suffer from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call.

tags | exploit, arbitrary, local, root
advisories | CVE-2019-0211
SHA-256 | 9525ffd9aefbc06136c75f55edd33355815fc7df0b0f150a337892cfad9ed4bd
Debian Security Advisory 4422-1
Posted Apr 3, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4422-1 - Several vulnerabilities have been found in the Apache HTTP server.

tags | advisory, web, vulnerability
systems | linux, debian
advisories | CVE-2018-17189, CVE-2018-17199, CVE-2019-0196, CVE-2019-0211, CVE-2019-0217, CVE-2019-0220
SHA-256 | 961d97f7066c2153712981e824caca1ecdd1c8ed3bcf22d5649c1e105a41be19
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close