VDB
GCVE-110-MAGEIA-2014-304
GCVE-110-MAGEIA-2014-304
Advisory Published
A race condition flaw, leading to heap-based buffer overflows, was found in
the mod_status httpd module. A remote attacker able to access a status page
served by mod_status on a server using a threaded Multi-Processing Module
(MPM) could send a specially crafted request that would cause the httpd
child process to crash or, possibly, allow the attacker to execute
arbitrary code with the privileges of the "apache" user (CVE-2014-0226).
A denial of service flaw was found in the way httpd's mod_deflate module
handled request body decompression (configured via the "DEFLATE" input
filter). A remote attacker able to send a request whose body would be
decompressed could use this flaw to consume an excessive amount of system
memory and CPU on the target system (CVE-2014-0118).
A denial of service flaw was found in the way httpd's mod_cgid module
executed CGI scripts that did not read data from the standard input.
A remote attacker could submit a specially crafted request that would cause
the httpd child process to hang indefinitely (CVE-2014-0231).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | apache | 0 (affected), 2.4.4-7.8.mga3 (unaffected) | — |
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.