CVE-2014-0240
published 2014-05-27

Priority: P4 · 20 · medium · 6.2 (CVSS 2.0)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
EPSS: 0.41% (32.9th percentile)

The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.

Affected

22 ranges
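| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mod-wsgi | < mod-wsgi 3.5-1 (bookworm) | mod-wsgi 3.5-1 (bookworm) |
| modwsgi | mod_wsgi | <= 3.4 | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |
| modwsgi | mod_wsgi | | |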

CVSS provenance

nvd | v2.0 | 6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C
osv | 6.2 | MEDIUM
vendor_debian | 6.2 | MEDIUM
vendor_redhat | 6.2 | MEDIUM
vendor_ubuntu | 6.2 | MEDIUM