Описание
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.6 |
| cosmic | released | 2.4.34-1ubuntu2.1 |
| devel | released | 2.4.38-2ubuntu2 |
| esm-infra-legacy/trusty | not-affected | 2.4.7-1ubuntu4.21 |
| esm-infra/bionic | released | 2.4.29-1ubuntu4.6 |
| esm-infra/xenial | released | 2.4.18-2ubuntu3.10 |
| precise/esm | not-affected | |
| trusty | not-affected | 2.4.7-1ubuntu4.21 |
| trusty/esm | not-affected | 2.4.7-1ubuntu4.21 |
| upstream | needs-triage |
Показывать по
Ссылки на источники
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, w ...
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.
Уязвимость модуля MPM веб-сервера Apache HTTP, связанная с использованием памяти после её освобождения, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
7.2 High
CVSS2
7.8 High
CVSS3