Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-0242 — Sensitive Information Exposure in MOD Wsgi

CWE-200 — Sensitive Information Exposure11 documents8 sources

Severity

7.5HIGHNVD

OSV6.2

EPSS

8.6%

top 7.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Modwsgi MOD Wsgi Debian Mod-wsgi MOD Wsgi

Timeline

PublishedDec 9

Latest updateMay 17

Description

mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/mod-wsgi< mod-wsgi 3.4-3 (bookworm)

▶NVDmodwsgi/mod_wsgi< 3.4

▶CVEListV5mod_wsgi/mod_wsgibefore 3.4

🔴Vulnerability Details

GHSA

GHSA-jf6g-4gpq-f62c: mod_wsgi module before 3↗2022-05-17

▶

OSV

CVE-2014-0242: mod_wsgi module before 3↗2019-12-09

▶

OSV

mod-wsgi vulnerabilities↗2014-05-26

▶

💥Exploits & PoCs

Exploit-DB

Apache mod_wsgi - Information Disclosure↗2014-05-21

▶

📋Vendor Advisories

Ubuntu

mod_wsgi vulnerabilities↗2014-05-26

▶

Red Hat

mod_wsgi: information leak↗2014-05-21

▶

Debian

CVE-2014-0242: mod-wsgi - mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow r...↗2014

▶

💬Community

Bugzilla

CVE-2014-0242 mod_wsgi: information leak [epel-5]↗2014-05-28

▶

Bugzilla

CVE-2014-0242 python26-mod_wsgi: mod_wsgi: information leak [epel-5]↗2014-05-28

▶

Bugzilla

CVE-2014-0242 mod_wsgi: information leak↗2014-05-28

▶