CVE-2014-0226
CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Productos afectados
n/a · n/aPoCs públicas encontradas — 3
githubgithub.com/shreesh1/CVE-2014-0226-poc★ 0cve_referencewww.exploit-db.com/exploits/34133no verificadoexploitdbwww.exploit-db.com/exploits/34133no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://advisories.mageia.org/MGASA-2014-0304.htmlhttp://advisories.mageia.org/MGASA-2014-0305.htmlhttp://httpd.apache.org/security/vulnerabilities_24.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://marc.info/?l=bugtraq&m=143403519711434&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://marc.info/?l=bugtraq&m=144493176821532&w=2http://rhn.redhat.com/errata/RHSA-2014-1019.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1020.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1021.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1120603