What is the cybersecurity threat?
A new flaw recently discovered in Apache allows for local privilege escalation where a person or program that has limited access or privileges (such as a user account) may be able execute code with root privileges. This exploit would allow that person or program to take over full permissions to the server or system they are on by running a script.
Why is this noteworthy?
Apache is the most widely used web server software running on 67% of all webservers in the world. Apache is a free, open-source software utilized by individuals and corporations on a global scale. Given the high utilization of Apache, a malicious script that could override permissions on Apache web server puts all systems vulnerable, running versions 2.4.17 to 2.4.38, at risk of being compromised.
What is the exposure or risk?
Carefully crafted malicious code can be used to take over the underlying system running the Apache web server httpd process. This would allow full control of the system to be left in the hands of the malicious actor where they may copy and exfiltrate data. This is a bigger risk for web hosting environments where one system may have access to many different machines or instances, but systems on non-shared networks are still at risk.
What can you do?
SKOUT recommends updating Apache web server to version 2.4.39 or later to patch this vulnerability.
References:
or more in-depth information about the recommendations, please visit the following link:
- https://arstechnica.com/information-technology/2019/04/serious-apache-server-bug-gives-root-to-baddies-in-shared-host-environments/
- https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
- https://www.zdnet.com/article/apache-web-server-bug-grants-root-access-on-shared-hosting-environments/
- https://www.wpbeginner.com/glossary/apache/
- https://www.helpnetsecurity.com/2019/04/03/apache-web-server-cve-2019-0211/
If you have any questions, please contact our Secure Intelligence Center.