PT-2014-1437 · Apache+6 · Apache Http Server+6

Published 2014-07-14 · Updated 2024-06-15 · CVE-2014-0231

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions prior to 2.4.10

Description

The issue is in the mod_cgid module, which lacks a timeout mechanism. If a server hosts CGI scripts that do not read from their stdin file descriptor, a remote attacker can send a request to such a script and cause the child process to hang indefinitely, resulting in a denial of service (process hang).

Recommendations

For versions prior to 2.4.10, update to version 2.4.10 or later to resolve the issue. As a temporary workaround, consider restricting access to CGI scripts that do not consume standard input to minimize the risk of exploitation.

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

ALT-PU-2016-1385
BDU:2015-00399
CESA-2014_0920
CESA-2014_0921
CVE-2014-0231
DLA-66-1
DSA-2989-1
HPSBUX03337
HPSBUX03512
MGASA-2014-0304
MGASA-2014-0305
OPENSUSE-SU-2014_0969-1
OPENSUSE-SU-2024:10268-1
RHSA-2014:0920
RHSA-2014:0921
RHSA-2014:0922
RHSA-2014:1019
RHSA-2014:1020
RHSA-2014:1087
RHSA-2014:1088
RHSA-2014_0920
RHSA-2014_0921
SUSE-SU-2015:0689-1
USN-2299-1

Affected Products

ALT Linux
Apache HTTP Server
CentOS
HP-UX
Red Hat
SUSE
Ubuntu