Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Apache HTTP Server Use After Free Vulnerability (CVE-2019-0211)

Description

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

Remediation

References

Related Vulnerabilities

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6417)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Cross-Site Scripting (3.4.2)

WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.0.3.2)

WordPress Plugin Analyticator Cross-Site Request Forgery (6.4.9.3)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1649)

Severity

High

Classification

CVE-2019-0211 CWE-416 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities