PoC exploit for Carpe Diem Apache bug released

From helpnetsecurity.com

Charles Fol, the security engineer that unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it.

Apache CVE-2019-0211 exploit

“This is between a POC and a proper exploit. I added tons of comments, it is meant to be educational as well,” he noted, but added that it “might fail for a dozen of reasons.”

Still, it might help attackers to create a more stable one and deploy it in attacks, so admins – and especially those administrating shared hosting environments – would do well to plug the hole if they haven’t already.

Read more…