Httpd 2.4.18 Exploit: Apache

Better yet, so that a compromise is bounded.

This is a local root privilege escalation vulnerability affecting Apache versions 2.4.17 through 2.4.38. apache httpd 2.4.18 exploit

A proof-of-concept exploit for this vulnerability was published by the Apache Software Foundation, which demonstrates how to exploit the vulnerability using a malicious Authorization header. Better yet, so that a compromise is bounded

Trending CVEs for the Week of April 8th, 2019 - Blog - NopSec apache httpd 2.4.18 exploit

: It is a use-after-free bug that occurs when the server processes an OPTIONS request.

Ensure your configuration includes HttpProtocolOptions Strict to mitigate request smuggling (though this was introduced in later patches).