CVE-2019-0211 - 漏洞详情

CVE-2019-0211 (CNNVD-201904-042)

HIGH 有利用代码

中文标题:

Apache HTTP Server 资源管理错误漏洞

英文标题:

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi...

CVSS分数: 7.8

发布时间: 2019-04-08 21:31:09

漏洞类型: 资源管理错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v4

漏洞描述

中文描述:

Apache HTTP Server是美国阿帕奇（Apache）基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server中存在提权漏洞，该漏洞源于网络系统或产品对系统资源（如内存、磁盘空间、文件等）的管理不当。以下版本受到影响：Apache HTTP Server 2.4.38版本，2.4.37版本，2.4.35版本，2.4.34版本，2.4.33版本，2.4.30版本，2.4.29版本，2.4.28版本，2.4.27版本，2.4.26版本，2.4.25版本，2.4.23版本，2.4.20版本，2.4.18版本，2.4.17版本。

英文描述:

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.

CWE类型:

CWE-416

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Apache	Apache HTTP Server	2.4.17 to 2.4.38	-	-	`cpe:2.3:a:apache:apache_http_server:2.4.17_to_2.4.38:::::::*`
apache	http_server	*	-	-	`cpe:2.3:a:apache:http_server::::::::`
fedoraproject	fedora	28	-	-	`cpe:2.3:o:fedoraproject:fedora:28:::::::*`
fedoraproject	fedora	29	-	-	`cpe:2.3:o:fedoraproject:fedora:29:::::::*`
fedoraproject	fedora	30	-	-	`cpe:2.3:o:fedoraproject:fedora:30:::::::*`
canonical	ubuntu_linux	14.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::`
canonical	ubuntu_linux	16.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:16.04::::esm:::`
canonical	ubuntu_linux	18.04	-	-	`cpe:2.3:o:canonical:ubuntu_linux:18.04::::esm:::`
canonical	ubuntu_linux	18.10	-	-	`cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*`
debian	debian_linux	9.0	-	-	`cpe:2.3:o:debian:debian_linux:9.0:::::::*`
opensuse	leap	15.0	-	-	`cpe:2.3:o:opensuse:leap:15.0:::::::*`
opensuse	leap	42.3	-	-	`cpe:2.3:o:opensuse:leap:42.3:::::::*`
netapp	oncommand_unified_manager	-	-	-	`cpe:2.3:a:netapp:oncommand_unified_manager:-:::::7-mode::`
redhat	jboss_core_services	1.0	-	-	`cpe:2.3:a:redhat:jboss_core_services:1.0:::::::*`
redhat	openshift_container_platform	3.11	-	-	`cpe:2.3:a:redhat:openshift_container_platform:3.11:::::::*`
redhat	openshift_container_platform_for_power	3.11_ppc64le	-	-	`cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:::::::*`
redhat	software_collections	1.0	-	-	`cpe:2.3:a:redhat:software_collections:1.0:::::::*`
redhat	enterprise_linux	8.0	-	-	`cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*`
redhat	enterprise_linux_eus	8.1	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:8.1:::::::*`
redhat	enterprise_linux_eus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:8.2:::::::*`
redhat	enterprise_linux_eus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:8.4:::::::*`
redhat	enterprise_linux_eus	8.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*`
redhat	enterprise_linux_eus	8.8	-	-	`cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*`
redhat	enterprise_linux_for_arm_64	8.0_aarch64	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*`
redhat	enterprise_linux_for_arm_64_eus	8.1_aarch64	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:::::::*`
redhat	enterprise_linux_for_arm_64_eus	8.2_aarch64	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:::::::*`
redhat	enterprise_linux_for_arm_64_eus	8.4_aarch64	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:::::::*`
redhat	enterprise_linux_for_arm_64_eus	8.6_aarch64	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:::::::*`
redhat	enterprise_linux_for_arm_64_eus	8.8_aarch64	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:::::::*`
redhat	enterprise_linux_for_ibm_z_systems	8.0_s390x	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.1_s390x	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.2_s390x	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.4_s390x	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.6_s390x	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*`
redhat	enterprise_linux_for_ibm_z_systems_eus	8.8_s390x	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*`
redhat	enterprise_linux_for_power_little_endian	8.0_ppc64le	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.1_ppc64le	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.2_ppc64le	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.4_ppc64le	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.6_ppc64le	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*`
redhat	enterprise_linux_for_power_little_endian_eus	8.8_ppc64le	-	-	`cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*`
redhat	enterprise_linux_server_aus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*`
redhat	enterprise_linux_server_aus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*`
redhat	enterprise_linux_server_aus	8.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*`
redhat	enterprise_linux_server_tus	8.2	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*`
redhat	enterprise_linux_server_tus	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*`
redhat	enterprise_linux_server_tus	8.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*`
redhat	enterprise_linux_server_tus	8.8	-	-	`cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:::::::*`
redhat	enterprise_linux_update_services_for_sap_solutions	8.0	-	-	`cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:::::::*`
redhat	enterprise_linux_update_services_for_sap_solutions	8.1	-	-	`cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:::::::*`
redhat	enterprise_linux_update_services_for_sap_solutions	8.4	-	-	`cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:::::::*`
redhat	enterprise_linux_update_services_for_sap_solutions	8.6	-	-	`cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:::::::*`
redhat	enterprise_linux_update_services_for_sap_solutions	8.8	-	-	`cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:::::::*`
oracle	communications_session_report_manager	8.0.0	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:::::::*`
oracle	communications_session_report_manager	8.1.0	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:::::::*`
oracle	communications_session_report_manager	8.1.1	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:::::::*`
oracle	communications_session_report_manager	8.2.0	-	-	`cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:::::::*`
oracle	communications_session_route_manager	8.0.0	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:::::::*`
oracle	communications_session_route_manager	8.1.0	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:::::::*`
oracle	communications_session_route_manager	8.1.1	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:::::::*`
oracle	communications_session_route_manager	8.2.0	-	-	`cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:::::::*`
oracle	enterprise_manager_ops_center	12.3.3	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:::::::*`
oracle	enterprise_manager_ops_center	12.4.0	-	-	`cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:::::::*`
oracle	http_server	12.2.1.3.0	-	-	`cpe:2.3:a:oracle:http_server:12.2.1.3.0:::::::*`
oracle	instantis_enterprisetrack	17.1	-	-	`cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:::::::*`
oracle	instantis_enterprisetrack	17.2	-	-	`cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:::::::*`
oracle	instantis_enterprisetrack	17.3	-	-	`cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:::::::*`
oracle	retail_xstore_point_of_service	7.0	-	-	`cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*`
oracle	retail_xstore_point_of_service	7.1	-	-	`cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

[oss-security] 20190401 CVE-2019-0211: Apache HTTP Server privilege escalation from modules' scripts mailing-list
cve.org

访问

107666 vdb-entry
cve.org

访问

20190403 [SECURITY] [DSA 4422-1] apache2 security update mailing-list
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

USN-3937-1 vendor-advisory
cve.org

访问

FEDORA-2019-cf7695b470 vendor-advisory
cve.org

访问

DSA-4422 vendor-advisory
cve.org

访问

[httpd-users] 20190406 [users@httpd] CVE-2019-0211/0215/0217 mailing-list
cve.org

访问

FEDORA-2019-119b14075a vendor-advisory
cve.org

访问

20190407 [slackware-security] httpd (SSA:2019-096-01) mailing-list
cve.org

访问

46676 exploit
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

[community-dev] 20190411 CVE-2019-0211 applicable to versions 2.2.x? mailing-list
cve.org

访问

[community-dev] 20190411 Re: CVE-2019-0211 applicable to versions 2.2.x? mailing-list
cve.org

访问

RHSA-2019:0746 vendor-advisory
cve.org

访问

openSUSE-SU-2019:1190 vendor-advisory
cve.org

访问

[community-dev] 20190411 RE: CVE-2019-0211 applicable to versions 2.2.x? mailing-list
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

openSUSE-SU-2019:1209 vendor-advisory
cve.org

访问

GLSA-201904-20 vendor-advisory
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

openSUSE-SU-2019:1258 vendor-advisory
cve.org

访问

RHSA-2019:0980 vendor-advisory
cve.org

访问

RHBA-2019:0959 vendor-advisory
cve.org

访问

FEDORA-2019-a4ed7400f4 vendor-advisory
cve.org

访问

RHSA-2019:1297 vendor-advisory
cve.org

访问

RHSA-2019:1296 vendor-advisory
cve.org

访问

[httpd-cvs] 20190611 svn commit: r1861068 - /httpd/site/trunk/content/security/vulnerabilities-httpd.xml mailing-list
cve.org

访问

RHSA-2019:1543 vendor-advisory
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

[oss-security] 20190726 Re: Statistics for distros lists updated for 2019Q2 mailing-list
cve.org

访问

[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org

访问

[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

[announce] 20200131 Apache Software Foundation Security Report: 2019 mailing-list
cve.org

访问

[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org

访问

[httpd-cvs] 20200401 svn commit: r1058587 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org

访问

无标题 x_refsource_MISC
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/ mailing-list
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1073139 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ mailing-list
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1888194 [12/13] - /httpd/site/trunk/content/security/json/ mailing-list
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list
cve.org

访问

[httpd-cvs] 20210330 svn commit: r1073149 [12/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ mailing-list
cve.org

访问

[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-list
cve.org

访问

134c704f-9b21-4f2e-91b3-4a467353bcc0 OTHER
nvd.nist.gov

访问

ExploitDB EDB-46676 EXPLOIT
exploitdb

访问

Download Exploit EDB-46676 EXPLOIT
exploitdb

访问

CVE Reference: CVE-2019-0211 ADVISORY
cve.org

访问

CVSS评分详情

3.1 (adp)

HIGH

7.8

CVSS向量: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

机密性

HIGH

完整性

HIGH

可用性

HIGH

时间信息

发布时间:

2019-04-08 21:31:09

修改时间:

2025-10-21 23:45:40

创建时间:

2025-11-11 15:35:24

更新时间:

2025-11-11 16:51:02

利用信息

此漏洞有可利用代码！

利用代码数量: 1

利用来源:

未知

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2019-0211`	2025-11-11 15:19:56	2025-11-11 07:35:24
NVD	`nvd_CVE-2019-0211`	2025-11-11 14:56:21	2025-11-11 07:43:58
CNNVD	`cnnvd_CNNVD-201904-042`	2025-11-11 15:10:11	2025-11-11 07:54:26
EXPLOITDB	`exploitdb_EDB-46676`	2025-11-11 15:05:25	2025-11-11 08:51:02

版本与语言

当前版本: v4

主要语言: EN

支持语言:

EN ZH

其他标识符:

安全公告

暂无安全公告信息

变更历史

v4 EXPLOITDB

2025-11-11 16:51:02

references_count: 52 → 55; tags_count: 0 → 3; data_sources: ['cnnvd', 'cve', 'nvd'] → ['cnnvd', 'cve', 'exploitdb', 'nvd']

查看详细变更

references_count: 52 -> 55
tags_count: 0 -> 3
data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']

v3 CNNVD

2025-11-11 15:54:26

vulnerability_type: 未提取 → 资源管理错误; cnnvd_id: 未提取 → CNNVD-201904-042; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 资源管理错误
cnnvd_id: 未提取 -> CNNVD-201904-042
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:43:58

affected_products_count: 1 → 69; references_count: 51 → 52; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

affected_products_count: 1 -> 69
references_count: 51 -> 52
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2019-0211 (CNNVD-201904-042)

中文标题:

Apache HTTP Server 资源管理错误漏洞

英文标题:

In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executi...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

3.1 (adp)

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史