CVE-2011-1176 — Apache2 vulnerability

5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.0%

top 23.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Apache2 Debian Linux Mpm-itk Project Mpm-itk

Timeline

PublishedMar 29

Latest updateMay 13

Description

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶debiandebian/apache2< apache2 2.2.17-2 (bookworm)

▶NVDmpm-itk_project/mpm-itk2.2.11-01, 2.2.11-02+1

Also affects: Debian Linux 5.0, 6.0, 7.0

Patches

Patch: bugs.debian.org ↗Patch: lists.err.no ↗Patch: bugs.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-8jf9-2rj5-99gg: The configuration merger in itk↗2022-05-13

▶

OSV

CVE-2011-1176: The configuration merger in itk↗2011-03-29

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2011-11-11

▶

Debian

CVE-2011-1176: apache2 - The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Proc...↗2011

▶