CVE-2014-8583 — Privilege Dropping / Lowering Errors in Mod-wsgi

CWE-254 CWE-271 — Privilege Dropping / Lowering Errors7 documents7 sources

Severity

6.9MEDIUMNVD

EPSS

0.1%

top 71.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Mod-wsgi Modwsgi MOD Wsgi

Timeline

PublishedDec 16

Latest updateMay 17

Description

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

▶debiandebian/mod-wsgi< mod-wsgi 4.2.7-1 (bookworm)

▶NVDmodwsgi/mod_wsgi4.2.4

Patches

Patch: modwsgi.readthedocs.org ↗Patch: modwsgi.readthedocs.org ↗

🔴Vulnerability Details

GHSA

GHSA-6mwv-34hq-6gqx: mod_wsgi before 4↗2022-05-17

▶

OSV

CVE-2014-8583: mod_wsgi before 4↗2014-12-16

▶

📋Vendor Advisories

Ubuntu

mod_wsgi vulnerability↗2014-12-03

▶

Red Hat

mod_wsgi: failure to handle errors when attempting to drop group privileges↗2014-06-17

▶

Debian

CVE-2014-8583: mod-wsgi - mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not...↗2014

▶

💬Community

Bugzilla

CVE-2014-8583 mod_wsgi: failure to handle errors when attempting to drop group privileges↗2014-06-19

▶