Back to search
CVE-2019-0211
Published: Apr 8, 2019
Modified: Oct 21, 2025
PUBLISHED
Description
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
| Vendor | Product | Versions |
|---|---|---|
Apache | Apache HTTP Server | affected 2.4.17 to 2.4.38 |
References
[oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts
mailing-list
x_refsource_MLIST
107666
vdb-entry
x_refsource_BID
20190403 [SECURITY] [DSA 4422-1] apache2 security update
mailing-list
x_refsource_BUGTRAQ
https://www.synology.com/security/advisory/Synology_SA_19_14
x_refsource_CONFIRM
USN-3937-1
vendor-advisory
x_refsource_UBUNTU
FEDORA-2019-cf7695b470
vendor-advisory
x_refsource_FEDORA
DSA-4422
vendor-advisory
x_refsource_DEBIAN
[httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217
mailing-list
x_refsource_MLIST
FEDORA-2019-119b14075a
vendor-advisory
x_refsource_FEDORA
20190407 [slackware-security] httpd (SSA:2019-096-01)
mailing-list
x_refsource_BUGTRAQ
46676
exploit
x_refsource_EXPLOIT-DB
https://httpd.apache.org/security/vulnerabilities_24.html
x_refsource_MISC
http://www.apache.org/dist/httpd/CHANGES_2.4.39
x_refsource_MISC
[community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x?
mailing-list
x_refsource_MLIST
[community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x?
mailing-list
x_refsource_MLIST
RHSA-2019:0746
vendor-advisory
x_refsource_REDHAT
openSUSE-SU-2019:1190
vendor-advisory
x_refsource_SUSE
[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x?
mailing-list
x_refsource_MLIST
https://support.f5.com/csp/article/K32957101
x_refsource_CONFIRM
openSUSE-SU-2019:1209
vendor-advisory
x_refsource_SUSE
GLSA-201904-20
vendor-advisory
x_refsource_GENTOO
https://security.netapp.com/advisory/ntap-20190423-0001/
x_refsource_CONFIRM
openSUSE-SU-2019:1258
vendor-advisory
x_refsource_SUSE
RHSA-2019:0980
vendor-advisory
x_refsource_REDHAT
RHBA-2019:0959
vendor-advisory
x_refsource_REDHAT
FEDORA-2019-a4ed7400f4
vendor-advisory
x_refsource_FEDORA
RHSA-2019:1297
vendor-advisory
x_refsource_REDHAT
RHSA-2019:1296
vendor-advisory
x_refsource_REDHAT
[httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml
mailing-list
x_refsource_MLIST
RHSA-2019:1543
vendor-advisory
x_refsource_REDHAT
[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2
mailing-list
x_refsource_MLIST
[announce] 20200131 Apache Software Foundation Security Report: 2019
mailing-list
x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.html
x_refsource_MISC
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
mailing-list
x_refsource_MLIST
[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now