PT-2014-1437 · Apache+6 · Apache Http Server+6

Publicado

2014-07-14

Atualizado

2024-06-15

CVE-2014-0231

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.10

Description The issue is related to the mod cgid module, which lacks a timeout mechanism. This allows remote attackers to cause a denial of service (process hang) by sending a request to a CGI script that does not read from its stdin file descriptor. A flaw in mod cgid can cause child processes to hang indefinitely if a server hosts CGI scripts that do not consume standard input, leading to denial of service.

Recommendations For versions prior to 2.4.10, update to version 2.4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to CGI scripts that do not consume standard input to minimize the risk of exploitation.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-399

Identificadores relacionados

ALT-PU-2016-1385

BDU:2015-00399

CESA-2014_0920

CESA-2014_0921

CVE-2014-0231

DLA-66-1

DSA-2989-1

HPSBUX03337

HPSBUX03512

MGASA-2014-0304

MGASA-2014-0305

OPENSUSE-SU-2014_0969-1

OPENSUSE-SU-2024:10268-1

RHSA-2014:0920

RHSA-2014:0921

RHSA-2014:0922

RHSA-2014:1019

RHSA-2014:1020

RHSA-2014:1087

RHSA-2014:1088

RHSA-2014_0920

RHSA-2014_0921

SUSE-SU-2015:0689-1

USN-2299-1

Produtos afetados

Alt Linux

Apache Http Server

Centos

Hp-Ux

Red Hat

Suse

Ubuntu

PT-2014-1437 · Apache+6 · Apache Http Server+6

CVE-2014-0231

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 223