CVE-2014-0231
Published: 20 July 2014
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
lucid |
Released
(2.2.14-5ubuntu8.14)
|
precise |
Released
(2.2.22-1ubuntu1.7)
|
|
trusty |
Released
(2.4.7-1ubuntu4.1)
|
|
upstream |
Released
(2.4.10)
|
|
Patches: upstream: http://svn.apache.org/viewvc?view=revision&revision=1610512 upstream: http://svn.apache.org/viewvc?view=revision&revision=1610522 upstream: http://svn.apache.org/viewvc?view=revision&revision=1611185 |