VYPR
Unrated severityNVD Advisory· Published Mar 29, 2011· Updated Jun 16, 2026

CVE-2011-1176

CVE-2011-1176

Description

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-01:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-01:*:*:*:*:*:*:*
    • cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-02:*:*:*:*:*:*:*
    • (no CPE)range: 2.2.11-01, 2.2.11-02
  • Debian/linux3 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.