A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process (usually root). An attacker having access to run arbitrary scripts on the web server (PHP, CGI etc) could use this flaw to run code on the web server with root privileges.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 2 - Core | httpd | 2019-04-04 21:49 | ALAS2-2019-1189 |
Amazon Linux 1 | httpd24 | 2019-04-05 20:05 | ALAS-2019-1189 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 8.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
NVD | CVSSv2 | 7.2 | AV:L/AC:L/Au:N/C:C/I:C/A:C |
NVD | CVSSv3 | 7.8 | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |