Apache HTTP Daemon Vulnerability: Privilege Escalation via Shared Memory Scoreboard

Apache HTTP Daemon Vulnerability: Privilege Escalation via Shared Memory Scoreboard

CVE-2002-0839 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.

Learn more about our Cis Benchmark Audit For Apache Http Server.