Wind River Support Network

HomeDefectsLIN5-19152
Fixed

LIN5-19152 : Security Advisory - apache - CVE-2014-0226

Created: Aug 3, 2014    Updated: Dec 19, 2017
Resolved Date: Sep 29, 2014
Found In Version: 5.0
Fix Version: 5.0.1.20
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0226

Other Downloads


Live chat
Online