
An Apache Web Server Bug That Grants Root Access on Shared Web Hosts


A flaw in the Apache HTTP Server software recently came to light. The Apache HTTP Server is a popular open source web server that powers 40% of the whole Internet. A security engineer from the Ambionics Security firm recently tweeted about the vulnerability, and the Apache developers have since patched it in the latest version, 2.4.39.

Versions 2.4.17 to 2.4.38 are vulnerable. The flaw may allow an unauthorized user to execute arbitrary code with root privileges on the targeted server.

In his blog post, Charles Fol, the security engineer who first discovered the flaw, described how an attacker can exploit it in the following four steps:

1. Obtain R/W access on a worker process,
2. Write a fake prefork_child_bucket structure in the SHM,
3. Make all_buckets[bucket] point to the structure,
4. Await 6:25AM to get an arbitrary function call.
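To check servers against the version range given above, the following added example (not from the article or the Apache project) classifies version banners such as the output of `httpd -v` or a `Server:` response header. The host names and banners in the inventory are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage Apache banners against the range stated in the article
# (2.4.17 through 2.4.38 affected, fixed in 2.4.39).

# Pull "x.y.z" out of a banner such as "Server version: Apache/2.4.29 (Ubuntu)".
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Print one of: in-affected-range, fixed-upstream, before-affected-range,
# outside-2.4, unknown (no parsable version, e.g. with "ServerTokens Prod").
classify_apache() {
    ver=$(extract_version "$1")
    if [ -z "$ver" ]; then echo unknown; return 0; fi
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -ne 2 ] || [ "$minor" -ne 4 ]; then
        echo outside-2.4
    elif [ "$patch" -ge 39 ]; then
        echo fixed-upstream
    elif [ "$patch" -ge 17 ]; then
        echo in-affected-range
    else
        echo before-affected-range
    fi
}

# Constructed inventory (hypothetical hosts): "<host> <banner>" per line.
triage_inventory() {
    while read -r host banner; do
        [ -n "$host" ] || continue
        printf '%-22s %s\n' "$host" "$(classify_apache "$banner")"
    done
}

triage_inventory <<'EOF'
web01.example.test Server version: Apache/2.4.29 (Ubuntu)
web02.example.test Server: Apache/2.4.39 (Unix) OpenSSL/1.1.1b
web03.example.test Server: Apache/2.4.16 (CentOS)
web04.example.test Server: Apache/2.2.34
web05.example.test Server: Apache
EOF
```

Distribution packages often backport fixes without changing the upstream version number, so an `in-affected-range` result is a prompt to check the vendor's advisory and package changelog, not proof that the host is unpatched.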

Tags:
matthew
Author: 

An Apache Web Server Bug That Grants Root Access on Shared Web Hosts
Apr 10, 2019