CVE-2014-0231 — Use After Free in Apache Http Server

CWE-399 CWE-416 — Use After Free13 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

44.2%

top 2.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server

Timeline

PublishedJul 20

Latest updateMay 13

Description

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server2.2.0 — 2.2.29+1

Patches

Patch: httpd.apache.org ↗Patch: www.oracle.com ↗Patch: httpd.apache.org ↗

🔴Vulnerability Details

GHSA

GHSA-3h3q-q3h4-xhww: The mod_cgid module in the Apache HTTP Server before 2↗2022-05-13

▶

OSV

php5 vulnerabilities↗2015-02-17

▶

OSV

CVE-2014-0231: The mod_cgid module in the Apache HTTP Server before 2↗2014-07-20

▶

CVEList

CVE-2014-0231: The mod_cgid module in the Apache HTTP Server before 2↗2014-07-20

▶

📋Vendor Advisories

Red Hat

php: use after free vulnerability in unserialize() (incomplete fix of CVE-2014-8142)↗2015-01-01

▶

Ubuntu

Apache HTTP Server vulnerabilities↗2014-07-23

▶

Red Hat

httpd: mod_cgid denial of service↗2014-07-17

▶

Debian

CVE-2014-0231: apache2 - The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a time...↗2014

▶

Apple

CVE-2014-0231: OS X Yosemite v10.10.3 and Security Update 2015-004↗

▶

💬Community

Bugzilla

CVE-2014-0231 httpd: mod_cgid denial of service↗2014-07-17

▶

Bugzilla

CVE-2014-0231 CVE-2014-0118 CVE-2014-0117 CVE-2014-0226 CVE-2013-4352 httpd: various flaws [fedora-all]↗2014-07-17

▶