CVE-2019-0211: Patched Apache HTTP Server Root Privilege Escalation Flaw, A Priority for Web Hosting Providers
A potentially serious escalation of privilege vulnerability (designated as CVE-2019-0211) in the open-source cross-platform web server software Apache has been patched. The flaw allows a “worker” process to change its privileges when the host server resets itself, which can consequently allow anyone with a local account to run commands with root clearance. Essentially, rogue server scripts can execute arbitrary code with root privileges via scoreboard manipulation and allow an attacker to gain complete control of a target machine.
Discovered by researcher Charles Fol from
Given that HTTP servers are used for web hosting, multiple users can have guest accounts on each machine. This means that an attacker can either sign up for an account to have a site hosted on a target server or compromise existing accounts. Successfully exploiting the vulnerability would provide an attacker with full access to a server, as if one’s a web host. This includes the ability to read, write, or delete any file or database of other clients. Interestingly, non-shared Apache servers can also be affected, since an attacker uploading a CGI script would gain automatic root access, as a result of CVE-2019-0211.
Addressing CVE-2019-0211 for server infrastructure security
According to Fol, tests yielded an 80% success rate, which could even be hiked up to 100% if worker processes are raised and attacks are retried whenever restart process runs. The researcher has already disclosed the PoC exploit code, so admins should prioritize implementing the security update now.
This vulnerability affects Apache web server releases for Unix systems, from version 2.4.17 (Oct. 9, 2015) to version 2.4.38 (Apr. 1, 2019). System administrators can patch the flaw by updating their servers to Apache
Updated as of April 12,
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: Trigona
- Steering Clear of Security Blind Spots: What SOCs Need to Know
- Understanding the Kubernetes Security Triad: Image Scanning, Admission Controllers, and Runtime Security
- Preempting Threats to Connected Cars: The Importance of Cybersecurity in a Data-Driven Automotive Ecosystem
- Your Stolen Data for Sale