CVE-2014-0226
Published: 20 July 2014
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
Upstream |
Released
(2.4.10)
|
Ubuntu 14.04 ESM (Trusty Tahr) |
Released
(2.4.7-1ubuntu4.1)
|
|
Patches: Upstream: http://svn.apache.org/viewvc?view=revision&revision=1610499 (2.4.x) Upstream: http://svn.apache.org/viewvc?view=revision&revision=1610515 (2.2.x) |