
Critical vulnerability in Apache allows privilege escalation to root

According to experts from the International Institute of Cyber Security (IICS), the best ethical hacking institute, a critical privilege escalation vulnerability in the Apache HTTP Server allows users with permission to enter and run scripts to gain root privileges on Unix systems; according to the company, the flaw was corrected in its latest update.

The vulnerability in question, tracked as CVE-2019-0211, affects all Apache HTTP Server releases from version 2.4.17 to 2.4.38; according to the experts from the best ethical hacking institute, this flaw makes it possible to run arbitrary code.

The Apache Software Foundation founders mentioned in a statement that the vulnerability was corrected in the latest update; they added that the flaw is especially critical if the web server is used to run shared hosting instances.

“In the 2.4.17 to 2.4.38 versions of Apache HTTP Server 2.4, code that runs on secondary processes or threads that require lesser privileges (including scripts executed by a script interpreter in process) could execute arbitrary code with root privileges using scoreboard manipulation. It is important to note that non-Unix systems are safe from the exploitation of this vulnerability”, mentions the Apache Software statement.

Apache Software managers mentioned that users with limited permissions on the server could perform a privilege escalation, using scripts to execute commands on the compromised servers as the root user.
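
A defender's check for the range stated above, as an added example that is not part of the original article: it classifies version banners (from `httpd -v` output or a `Server` response header) against the 2.4.17 to 2.4.38 range for CVE-2019-0211. The host labels and banner lines are constructed sample data, and the function names are this example's own.

```python
import re

# Affected range for CVE-2019-0211 as stated in the article (inclusive).
FIRST_AFFECTED = (2, 4, 17)
LAST_AFFECTED = (2, 4, 38)

_VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from an `httpd -v` line or Server header, else None."""
    match = _VERSION_RE.search(banner)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(banner, is_unix=True):
    """Classify one banner as 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"        # e.g. ServerTokens Prod hides the version number
    if not is_unix:
        return "not-affected"   # the Apache statement says non-Unix systems are safe
    # Compare as integer tuples: as plain strings, "2.4.2" would sort between
    # "2.4.17" and "2.4.38" and be flagged by mistake.
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        return "affected"
    return "not-affected"


def scan(inventory):
    """Map each host label to its classification."""
    return {host: classify(banner, is_unix) for host, banner, is_unix in inventory}


# Constructed sample inventory: (host label, banner text, runs on Unix?)
SAMPLE_INVENTORY = [
    ("web-01", "Server version: Apache/2.4.38 (Unix)", True),
    ("web-02", "Server: Apache/2.4.39 (Ubuntu)", True),
    ("web-03", "Server: Apache/2.4.2 (Unix)", True),
    ("web-04", "Server version: Apache/2.4.29 (Win64)", False),
    ("web-05", "Server: Apache", True),
    ("web-06", "Server: Apache/2.4.17 (CentOS)", True),
]

if __name__ == "__main__":
    for host, status in scan(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Distribution packages often backport security fixes without changing the upstream version number, so an "affected" result should be confirmed against the vendor's own advisory for that package.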

In addition, two other security flaws were corrected, the experts from the best ethical hacking institute mentioned. The first one, tracked as CVE-2019-0217, allowed users with valid login credentials to log in using a different username. The second, CVE-2019-0215, allowed clients with Post-Handshake Authentication support to bypass previously configured access control restrictions.

In addition to the above-mentioned vulnerabilities, the Apache Software Foundation corrected three other vulnerabilities of medium severity.
