How To Fix Apache 2.4.x CVE-2019-0211 Vulnerability

On April 1st, 2019, the Apache Foundation released a patch for a privilege escalation bug (CVE-2019-0211) in Apache HTTP Server 2.4 releases 2.4.17–2.4.38.

Unfortunately, this is no laughing matter as roughly 2 million servers are running websites with Apache web server, this vulnerability makes it possible for module code – software components that enhance the functionality of Apache HTTPD servers – and scripts executed via modules such as mod_php to run code with the privileges of the parent process, which is usually root, therefore, it needs a prompt fix.

The bulk of affected systems are in the United States (~770,000), Germany (~224,000), and France (~111,000).

Applying proper security updates is a part of TheStack Server Management Services. We strive to protect customers’ servers from hackers and vulnerabilities.

Does the vulnerabilitiy affect my server?

Vulnerability raises panic, but don’t worry, let’s check if CVE-2019-0211 is something you really need to worry about:

  • You have a Linux/Unix server running with Apache web server;
  • Your Apache web server version happens to be between 2.4.17 to 2.4.38
  • You haven’t updated your server for a little while

If these above conditions apply to you, you would need a immediate fix on your servers. Even if you are running control panels like cPanel, DirectAdmin, Plesk, Interworx, etc. it’s worth to check the Apache version and confirm that it is not vulnerable.

Note: The Apache CVE-2019-0211 only targets the Apache HTTP server. It will not affect PHP/NodeJS/Python, etc. on your server.

How to fix Apache CVE-2019-0211?

OMG! I have a vulnerable Apache version! How can I fix it?

The quick fix for Apache CVE-2019-0211 is to upgrade your Apache web server version to the latest 2.4.39. Here we will provide a few steps for reference:

1. Collect Details

At first we need to collect some details of our server, such as PHP versions, websites numbers, databases, modules, etc.

2. Make an Apache backup

It’s always important to make a configuration backup before you upgrade, in any case your upgrade fails, you can easily rollback with old configuration.

3. Upgrade Apache version

Control Panels: There should be an option in the control panel to provide an automatical update.

YUM/APT: You can simply perform the upgrade by one command line.

If you installed Apache using offcial source package, you can download the latest Apache version and install.

4. Verify if it works perfect with latest version

After upgrade, we need to confirm if our websites on the server work perfectly with latest version of Apache. Sometimes the upgrade was successful but websites will go down due to incompatibility.

If all your websites are running perfectly with latest Apache version, we complete the patching of Apache web server.

Upgrading web server sometimes can be painful as even a small mistake would result in the downtime of your websites. You can always trust TheStack’s experienced engineers to do a server analysis prior to the Apache upgrade, to make sure your websites won’t suffer from downtime.

Related Articles