CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Affected products
n/a · n/a
Public PoCs found — 3
github · github.com/shreesh1/CVE-2014-0226-poc · ★ 0
cve_reference · www.exploit-db.com/exploits/34133 · unverified
exploitdb · www.exploit-db.com/exploits/34133 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://advisories.mageia.org/MGASA-2014-0304.html
http://advisories.mageia.org/MGASA-2014-0305.html
http://httpd.apache.org/security/vulnerabilities_24.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://rhn.redhat.com/errata/RHSA-2014-1019.html
http://rhn.redhat.com/errata/RHSA-2014-1020.html
http://rhn.redhat.com/errata/RHSA-2014-1021.html
https://bugzilla.redhat.com/show_bug.cgi?id=1120603