Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1r64-48n4-hkg2
Vulnerability ID VCID-1r64-48n4-hkg2
Aliases CVE-2011-1176
Summary The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00708 https://api.first.org/data/v1/epss?cve=CVE-2011-1176
epss 0.00708 https://api.first.org/data/v1/epss?cve=CVE-2011-1176
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2011-1176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1176
618857 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618857
USN-1259-1 https://usn.ubuntu.com/1259-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.72572
EPSS Score 0.00708
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:27:43.682352+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0