Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2019-0211

CVE-2019-0211

HIGH7.8

In Apache HTTP Server 2

Published Apr 8, 2019

Modified 4 months ago

Details

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

References(53)

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html

http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html

http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html

http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html

http://www.apache.org/dist/httpd/CHANGES_2.4.39

http://www.openwall.com/lists/oss-security/2019/04/02/3

http://www.openwall.com/lists/oss-security/2019/07/26/7

http://www.securityfocus.com/bid/107666

https://access.redhat.com/errata/RHBA-2019:0959

https://access.redhat.com/errata/RHSA-2019:0746

https://access.redhat.com/errata/RHSA-2019:0980

https://access.redhat.com/errata/RHSA-2019:1296

https://access.redhat.com/errata/RHSA-2019:1297

https://access.redhat.com/errata/RHSA-2019:1543

https://httpd.apache.org/security/vulnerabilities_24.html

https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E

https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E

https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E

https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E

https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

CVSS Analysis

CVSS v3.1

7.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Scope

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

7.8/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Ecosystems

Timeline

PublishedApr 8, 2019

ModifiedOct 21, 2025

CVE-2019-0211 | Mondoo Vulnerability Intelligence