CVE-2014-0231

Published: 20 July 2014

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Priority

Medium

Status

| Package | Release | Status |
| --- | --- | --- |
| apache2 (Launchpad, Ubuntu, Debian) | Upstream | Released (2.4.10) |
| apache2 | Ubuntu 14.04 ESM (Trusty Tahr) | Released (2.4.7-1ubuntu4.1) |
Patches:
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1610512 (2.4.x)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1610522 (2.4.x) (partial)
Upstream: http://svn.apache.org/viewvc?view=revision&revision=1611185 (2.2.x)