CVE-2019-0211

Impact:
Important
Public Date:
2019-04-01
CWE:
CWE-250
Bugzilla:
1694980: CVE-2019-0211 httpd: privilege escalation from modules scripts
A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process (usually root). An attacker having access to run arbitrary scripts on the web server (PHP, CGI etc) could use this flaw to run code on the web server with root privileges.

Find out more about CVE-2019-0211 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This flaw is exploitable in httpd if it is configured to allow an untrusted user to upload and execute arbitrary scripts. Due to the nature of the flaw, the uploaded script would not run as a restricted privileged user, but rather it runs as root allowing for privilege escalation from the restricted user to root on the web server.

Depending on the configuration of the server, you would need local (AV:L) privileges to place the script or network (AV:N) privileges if the server ran an application that permitted uploading scripts directly. The latter scenario is not common for unauthenticated users. Once the attacker can place the script somewhere in the web root where it can be easily exploited (AC:L). This type of setup is more common in shared hosted environments (PR:L) and would allow an attacker with access to a site on the shared hosted to impact the confidentiality, integrity, and availability (CIA:H) with no interaction (UI:N). Due to the elevated privileges obtained, there is an impact to the system beyond the web server itself (S:C).

CVSS v3 metrics

CVSS3 Base Score 8.8
CVSS3 Base Metrics CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality High
Integrity Impact High
Availability Impact High

Red Hat Security Errata

Platform Errata Release Date
Red Hat Software Collections for Red Hat Enterprise Linux 6 (httpd24-httpd) RHSA-2019:0746 2019-04-11
Red Hat Software Collections for Red Hat Enterprise Linux 7 (httpd24-httpd) RHSA-2019:0746 2019-04-11
Red Hat Enterprise Linux 8 (httpd:2.4) RHSA-2019:0980 2019-05-07

Affected Packages State

Platform Package State
Red Hat Virtualization 4 rhvm-appliance Not affected
Red Hat JBoss Web Server 3 httpd Not affected
Red Hat JBoss EWS 2 httpd Under investigation
Red Hat JBoss Core Services 1 httpd Affected
Red Hat Enterprise Linux 7 httpd Not affected
Red Hat Enterprise Linux 6 httpd Not affected
Red Hat Enterprise Linux 5 httpd Not affected

External References

Last Modified