Home > Vulnerability Database > CVE-2011-1176

Mend Vulnerability Database

CVE-2011-1176

Good to know:

Date: March 29, 2011

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

Severity Score

3.7

Related Resources (5)

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/66248

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-1176

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857

Url: http://www.securityfocus.com/bid/46953

Url: http://lists.err.no/pipermail/mpm-itk/2011-March/000393.html

Severity Score

3.7

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2011-1176

Good to know:

Date: March 29, 2011

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?