Description
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
Remediation
References
Related Vulnerabilities
MediaWiki Observable Discrepancy Vulnerability (CVE-2022-41765)
ownCloud Improper Authentication Vulnerability (CVE-2014-2047)
WordPress Plugin Polylang Cross-Site Request Forgery (2.5)
Oracle Database Server CVE-2008-1816 Vulnerability (CVE-2008-1816)
WordPress Plugin Ceceppa Multilingua Unspecified Vulnerability (1.5.3)