Description
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard.
Remediation
References
Related Vulnerabilities
Oracle Application Server CVE-2006-3711 Vulnerability (CVE-2006-3711)
WordPress Plugin Defa Online Image Protector Cross-Site Scripting (3.3)
SharePoint CVE-2024-32987 Vulnerability (CVE-2024-32987)
WordPress Credentials Management Errors Vulnerability (CVE-2016-5838)
ownCloud Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-2052)