← back
CVE-2014-0242

CVE-2014-0242

EPSS 8.5%
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
Affected products
mod_wsgi · mod_wsgi
public PoCs found1
exploitdbwww.exploit-db.com/exploits/39196unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.htmlhttp://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.htmlhttp://www.openwall.com/lists/oss-security/2014/05/21/1http://www.securityfocus.com/bid/67534