CVE-2011-1176

medium Apache
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Score
0.7%
Exploitation probability in 30 days
Top 28% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: March 29, 2011 (5525 days ago)
Last Modified: April 29, 2026
Vendor: Apache
Source: NVD

Description

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

CWE

NVD-CWE-noinfo

Affected Products

mpm-itk project mpm-itkdebian debian linux

References

🔗 bugs.debian.org 🔗 lists.err.no 🔗 lists.err.no 🔗 openwall.com 🔗 openwall.com