Developer Charles Fol discovered Carpe Diem (CVE-2019-0211) vulnerability in Apache HTTP Server 2.4.
In certain conditions, it allows implementing side code which gives rights of administrator and capturing server management.
Charles Fol published PoC-code on GitHub website.
In the accompanying comments engineer explained that code has intermediate meaning between demonstrative PoC and valid exploit and has educational purposes. However, intruders can create full-scale exploit on the base of this code.
Charles Fol recommends shared web-hosting services administrators to install Apache HTTP Server v.2.4.39 version as it eliminates described vulnerability.
CVE-2019-0211 involves only Unix-version of Apache HTTP Server. Debian, SuSE, Ubuntu and cPanel developers have already launched corrective updates. For FreeBSD was published notification though patch is still not available.
Source: https://hackernews.blog/poc-code-published-for-apache-http-server-vulnerability/
