Description
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Restricted Site Access Unspecified Vulnerability (2.0)
Joomla Incorrect Authorization Vulnerability (CVE-2010-1435)
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)
WordPress Plugin XforWooCommerce Security Bypass (1.6.4)
WordPress Plugin WP No External Links Spam Injection (4.2.2)