CVE-2014-0231

Priority
Medium
Description
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a
timeout mechanism, which allows remote attackers to cause a denial of
service (process hang) via a request to a CGI script that does not read
from its stdin file descriptor.
References
Assigned-to
mdeslaur
Package
Upstream:released (2.4.10)
Ubuntu 14.04 LTS (Trusty Tahr):released (2.4.7-1ubuntu4.1)
Patches:
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1610512 (2.4.x)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1610522 (2.4.x) (partial)
Upstream:http://svn.apache.org/viewvc?view=revision&revision=1611185 (2.2.x)
More Information

Updated: 2017-08-11 23:51:38 UTC (commit 13081)