ID CVE-2014-0231
Summary The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:0.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:0.8.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.2.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:1.99:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.32:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.34:beta:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.64:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.0.65:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.1.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.32:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.33:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.33:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.2.34:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.10:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.10:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.11:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.11:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.12:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.12:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.13:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.13:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.14:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.14:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.15:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.15:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.3.16:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.3.16:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
  • bugzilla
    id 1120603
    title CVE-2014-0226 httpd: mod_status heap-based buffer overflow
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhba:tst:20070331001
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920002
          • comment httpd is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556003
        • AND
          • comment httpd-devel is earlier than 0:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920004
          • comment httpd-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556005
        • AND
          • comment httpd-manual is earlier than 0:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920006
          • comment httpd-manual is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556009
        • AND
          • comment mod_ssl is earlier than 1:2.2.3-87.el5_10
            oval oval:com.redhat.rhsa:tst:20140920008
          • comment mod_ssl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070556007
    • AND
      • OR
        • comment Red Hat Enterprise Linux 6 Client is installed
          oval oval:com.redhat.rhba:tst:20111656001
        • comment Red Hat Enterprise Linux 6 Server is installed
          oval oval:com.redhat.rhba:tst:20111656002
        • comment Red Hat Enterprise Linux 6 Workstation is installed
          oval oval:com.redhat.rhba:tst:20111656003
        • comment Red Hat Enterprise Linux 6 ComputeNode is installed
          oval oval:com.redhat.rhba:tst:20111656004
      • OR
        • AND
          • comment httpd is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920014
          • comment httpd is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245017
        • AND
          • comment httpd-devel is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920018
          • comment httpd-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245019
        • AND
          • comment httpd-manual is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920016
          • comment httpd-manual is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245025
        • AND
          • comment httpd-tools is earlier than 0:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920020
          • comment httpd-tools is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245023
        • AND
          • comment mod_ssl is earlier than 1:2.2.15-31.el6_5
            oval oval:com.redhat.rhsa:tst:20140920022
          • comment mod_ssl is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20111245021
    rhsa
    id RHSA-2014:0920
    released 2014-07-23
    severity Important
    title RHSA-2014:0920: httpd security update (Important)
  • bugzilla
    id 1120604
    title CVE-2013-4352 httpd: mod_cache NULL pointer dereference crash
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhba:tst:20150364001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhba:tst:20150364002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhba:tst:20150364003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhba:tst:20150364004
    • OR
      • AND
        • comment httpd is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921005
        • comment httpd is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245017
      • AND
        • comment httpd-devel is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921013
        • comment httpd-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245019
      • AND
        • comment httpd-manual is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921017
        • comment httpd-manual is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245025
      • AND
        • comment httpd-tools is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921011
        • comment httpd-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245023
      • AND
        • comment mod_ldap is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921009
        • comment mod_ldap is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921010
      • AND
        • comment mod_proxy_html is earlier than 1:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921007
        • comment mod_proxy_html is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921008
      • AND
        • comment mod_session is earlier than 0:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921015
        • comment mod_session is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140921016
      • AND
        • comment mod_ssl is earlier than 1:2.4.6-18.el7_0
          oval oval:com.redhat.rhsa:tst:20140921019
        • comment mod_ssl is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111245021
    rhsa
    id RHSA-2014:0921
    released 2014-07-23
    severity Important
    title RHSA-2014:0921: httpd security update (Important)
  • rhsa
    id RHSA-2014:1019
  • rhsa
    id RHSA-2014:1020
  • rhsa
    id RHSA-2014:1021
rpms
  • httpd-0:2.2.3-87.el5_10
  • httpd-devel-0:2.2.3-87.el5_10
  • httpd-manual-0:2.2.3-87.el5_10
  • mod_ssl-1:2.2.3-87.el5_10
  • httpd-0:2.2.15-31.el6_5
  • httpd-devel-0:2.2.15-31.el6_5
  • httpd-manual-0:2.2.15-31.el6_5
  • httpd-tools-0:2.2.15-31.el6_5
  • mod_ssl-1:2.2.15-31.el6_5
  • httpd-0:2.4.6-18.el7_0
  • httpd-devel-0:2.4.6-18.el7_0
  • httpd-manual-0:2.4.6-18.el7_0
  • httpd-tools-0:2.4.6-18.el7_0
  • mod_ldap-0:2.4.6-18.el7_0
  • mod_proxy_html-1:2.4.6-18.el7_0
  • mod_session-0:2.4.6-18.el7_0
  • mod_ssl-1:2.4.6-18.el7_0
refmap via4
apple APPLE-SA-2015-04-08-2
bid 68742
confirm
debian DSA-2989
gentoo GLSA-201504-03
hp
  • HPSBMU03380
  • HPSBMU03409
  • HPSBUX03337
  • HPSBUX03512
  • SSRT102066
  • SSRT102254
mandriva MDVSA-2014:142
misc http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html
secunia 60536
Last major update 30-10-2018 - 16:25
Published 20-07-2014 - 11:12
Back to Top