CVE-2014-0226
Published 2014-07-17
Medium 6.8
EXPLOIT
CVE-2014-0226 [MEDIUM] CWE-662 httpd: mod_status heap-based buffer overflow
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child