SERVER-APACHE Apache HTTP Server mod_status heap buffer overflow attempt
Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the statushandler function in modules/generators/modstatus.c and the luaapscoreboardworker function in modules/lua/lua_request.c.
CVSS base score 6.8 CVSS impact score 6.4 CVSS exploitability score 8.6 confidentialityImpact PARTIAL integrityImpact PARTIAL availabilityImpact PARTIAL
CVE-2014-0226:
CVSS base score 6.8
CVSS impact score 6.4
CVSS exploitability score 8.6
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
CVE-2014-0226: Race condition in the modstatus module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the statushandler function in modules/generators/modstatus.c and the luaapscoreboardworker function in modules/lua/lua_request.c.
CVE-2014-0226:
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE
None known
None known
Upgrade to the latest non-affected version of the software.
Apply the appropriate vendor supplied patches.
©2019 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
Privacy Policy | Snort License | FAQ | Sitemap
