{"uuid": "e6b18867-5740-425e-951f-dc019dd489d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-0211", "type": "published-proof-of-concept", "source": "https://t.me/ExcreamOnSecurity/24", "content": "From version 2.4.17 (Oct 9, 2015) to version 2.4.38 (Apr 1, 2019), Apache HTTP suffers from a local root privilege escalation vulnerability due to an out-of-bounds array access leading to an arbitrary function call. The vulnerability is triggered when Apache gracefully restarts (apache2ctl graceful). In standard Linux configurations, the logrotate utility runs this command once a day, at 6:25AM, in order to reset log file handles\n\nhttps://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html\n\nThe vulnerability affects mod_prefork, mod_worker and mod_event. The following bug description, code walkthrough and exploit target mod_prefork\n#exploit #vulnerability #apache", "creation_timestamp": "2019-04-04T11:53:20.000000Z"}