CVE-2014-0226

Loading...

General

Score:6.8/10.0
Severity:Medium
Category:Interaction Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:Partial
Availability:Partial

Exploitability Metrics

Access Vector:Network
Access Complexity:Medium
Authentication:None

Relative vulnerabilities

CVE-2012-3499, CVE-2013-1862, CVE-2013-1896, CVE-2013-2566, CVE-2013-4352, CVE-2013-5704, CVE-2013-6438, CVE-2014-0098, CVE-2014-0117, CVE-2014-0118, CVE-2014-0231, CVE-2014-3566, CVE-2015-0526

Published on 20/07/14 - Updated on 09/12/17

Description

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Category: Interaction Error

CWE-362 (Race Conditions)
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Security Notices

US National Vulnerability DatabaseCVE-2014-0226
Amazon Linux ALAS-2014-388, ALAS-2014-389
Agence Nationale de la Sécurité des Systèmes d'Information CERTFR-2015-AVI-286
CentOS CESA-2014:0920, CESA-2014:0921
Debian DSA-2989-1
Debian LTSDLA-66-1
Oracle Linux ELSA-2014-0920, ELSA-2014-0921
Redhat RHSA-2014:0920, RHSA-2014:0921
Renater 2014/VULN174, 2015/VULN107
SUSE SUSE-SU-2014:0967, SUSE-SU-2014:1080, SUSE-SU-2014:1081, SUSE-SU-2014:1082
Ubuntu USN-2299-1

Exploits

Exploit-DBEDB-34133
SecurityFocusBID-68678

Relative technologies

VendorProduct
apachehttp_server

Share this vulnerability with:

Twitter Facebook LinkedIn Mail