CVE-2014-0226

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Interaction Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2012-3499, CVE-2013-1862, CVE-2013-1896, CVE-2013-2566, CVE-2013-4352, CVE-2013-5704, CVE-2013-6438, CVE-2013-6712, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0207, CVE-2014-0231, CVE-2014-0237, CVE-2014-0238, CVE-2014-2497, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3538, CVE-2014-3566, CVE-2014-3569, CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-3587, CVE-2014-3597, CVE-2014-3668, CVE-2014-3669, CVE-2014-3670, CVE-2014-3710, CVE-2014-3981, CVE-2014-4049, CVE-2014-4380, CVE-2014-4404, CVE-2014-4405, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120, CVE-2014-8275, CVE-2014-8830, CVE-2014-9298, CVE-2015-0204, CVE-2015-0526, CVE-2015-1067, CVE-2015-1069, CVE-2015-1088, CVE-2015-1089, CVE-2015-1091, CVE-2015-1093, CVE-2015-1095, CVE-2015-1096, CVE-2015-1098, CVE-2015-1099, CVE-2015-1100, CVE-2015-1101, CVE-2015-1102, CVE-2015-1103, CVE-2015-1104, CVE-2015-1105, CVE-2015-1117, CVE-2015-1118, CVE-2015-1130, CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, CVE-2015-1135, CVE-2015-1136, CVE-2015-1137, CVE-2015-1138, CVE-2015-1139, CVE-2015-1140, CVE-2015-1141, CVE-2015-1142, CVE-2015-1143, CVE-2015-1144, CVE-2015-1145, CVE-2015-1146, CVE-2015-1147, CVE-2015-1148, CVE-2015-1158, CVE-2015-1159, CVE-2015-1160, CVE-2015-1545, CVE-2015-1546

Published on 20/07/14 - Updated on 09/12/17

Description

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Category: Interaction Error

CWE-362 (Race Conditions)
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Security Notices

US National Vulnerability DatabaseCVE-2014-0226
Amazon Linux ALAS-2014-388, ALAS-2014-389
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-286
Apple HT204659
CentOS CESA-2014:0920, CESA-2014:0921
Debian DSA-2989-1
Debian LTSDLA-66-1
Oracle Linux ELSA-2014-0920, ELSA-2014-0921
Redhat RHSA-2014:0920, RHSA-2014:0921
Renater 2014/VULN174, 2015/VULN107
SUSE SUSE-SU-2014:0967, SUSE-SU-2014:1080, SUSE-SU-2014:1081, SUSE-SU-2014:1082
Ubuntu USN-2299-1

Exploits

Exploit-DBEDB-34133
SecurityFocusBID-68678

Relative technologies

VendorProduct
apachehttp_server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail