This is an entry in the Common Vulnerability Index under number CVE-2019-0211. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2019-0211

Description: A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process (usually root). An attacker having access to run arbitrary scripts on the web server (PHP, CGI etc) could use this flaw to run code on the web server with root privileges.

This flaw can only be exploited if users have access to upload and run untrusted scripts (PHP, CGI etc) on the web server. This kind of setup is very common in shared hosting environments etc.

Status: Candidate

 Note for CVEs with status "Candidate": Candidates must be reviewed and accepted by the CVE Editorial Board before they can be added to the official CVE list. Therefore, these candidates may be modified or even rejected in the future. They are provided for use by individuals who have a need for an early numbering scheme for items that have not been fully reviewed by the Editorial Board.


Third-party comments:

According to an analysis conducted by Rapid7, more than 2,000,000 servers, many on public cloud platforms, are still running vulnerable versions of Apache. Most of the flawed systems are in the United States (~770,000), Germany (~224,000), and France (~111,000).

Copyright Notice for CVE (provided in accordance with the MITRE Corporation's Terms of Use: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.

Leave a Reply

Your email address will not be published. Required fields are marked *