CVE-2014-0231
published 2014-07-20CVE-2014-0231: The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service…
medium5CVSS 3.1
AVNACLAuNCNINAP
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | >= 2.2.0 < 2.2.29 | 2.2.29 |
| apache | http_server | >= 2.4.0 < 2.4.10 | 2.4.10 |
| apple | os_x_yosemite_v10.10.3_and_security_update_2015-004 | — | — |
| debian | apache2 | < apache2 2.4.10-1 (bookworm) | apache2 2.4.10-1 (bookworm) |
| php5 | php5 | >= 0 < 5.5.9+dfsg-1ubuntu4.6 | 5.5.9+dfsg-1ubuntu4.6 |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.5HIGH