- Description
- The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
- Hype score
- Not currently trending
- ApacheFixed in Apache HTTP Server 1.3.27: http://httpd.apache.org/security/vulnerabilities_13.html
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8876688-B4F8-4E2E-AEB1-6E9D882E6879",
"versionEndExcluding": "1.3.27",
"versionStartIncluding": "1.3.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58B90124-0543-4226-BFF4-13CCCBCCB243"
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3"
}
],
"operator": "OR"
}
]
}
]