[Vulnerability Warning] Notification on Apache HTTP Server Service Component Privilege Escalation Vulnerability

2019-04-08 16:24:03
Dear user

Recently, JD Cloud security team detected Apache HTTP Server components were disclosed to have local Privilege Escalation Vulnerability (vulnerability number: CVE-2019-0211) and to have multiple vulnerabilities, the attacker can use the vulnerability to upload malicious CGI scripts to cause an escalated root privilege attack on the target system

JD Cloud security team recommends that you conduct the security self-examination in a timely manner. If your business is in the influence range, please update and fix the problem in time to avoid attacks from an external attacker.

Vulnerability Description

Apache HTTP Server Version 2.4.17~2.4.38, when executing code in a child process or thread with lower privilege, escalate privilege to privilege of the parent process (usually root) by operating scoreboard, and other systems that are not Unix systems are not affected by vulnerabilities.

Risk Level

High Risk

Influence Range

Under Unix system, Apache HTTP Server Version 2.4.17~2.4.38

Security Recommendations

UpgradeApache HTTP Server Version 2.4.39 or above

Reference Link

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211


JD Cloud team

2019-04-08 16:24:03