Description

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Remediation

References

CVE-2014-0226

Related Vulnerabilities

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (5.5.0)

Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944)

Apache version older than 1.3.39

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3479)

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Cross-Site Scripting (2.6.6)

Severity

Medium

Classification

CVE-2014-0226 CWE-362

Tags

Missing Update Known Vulnerabilities