Unrated severityNVD Advisory· Published Mar 29, 2011· Updated Jun 16, 2026
CVE-2011-1176
CVE-2011-1176
Description
The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-01:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-01:*:*:*:*:*:*:*
- cpe:2.3:a:mpm-itk_project:mpm-itk:2.2.11-02:*:*:*:*:*:*:*
- (no CPE)range: 2.2.11-01, 2.2.11-02
Patches
Vulnerability mechanics
References
12- bugs.debian.org/cgi-bin/bugreport.cginvdIssue TrackingPatchThird Party Advisory
- lists.err.no/pipermail/mpm-itk/2011-March/000393.htmlnvdPatchThird Party Advisory
- lists.err.no/pipermail/mpm-itk/2011-March/000394.htmlnvdRelease NotesThird Party Advisory
- openwall.com/lists/oss-security/2011/03/20/1nvdMailing ListThird Party Advisory
- openwall.com/lists/oss-security/2011/03/21/13nvdMailing ListThird Party Advisory
- www.debian.org/security/2011/dsa-2202nvdThird Party Advisory
- www.mandriva.com/security/advisoriesnvdThird Party Advisory
- www.securityfocus.com/bid/46953nvdThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2011/0748nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0749nvdThird Party Advisory
- www.vupen.com/english/advisories/2011/0824nvdThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/66248nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.