Your submission was sent successfully! Close

CVE-2014-0242

Published: 23 May 2014

mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
mod-wsgi
Launchpad, Ubuntu, Debian
Upstream
Released (3.4)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(3.4-4ubuntu2)
Patches:
Upstream: https://github.com/GrahamDumpleton/mod_wsgi/commit/b0a149c1f5e569932325972e2e20176a42e43517