CVE-2014-0242

Description

The mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header, which is generated from memory that may have been freed and then overwritten by a separate thread.

References

http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html

http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html

http://www.openwall.com/lists/oss-security/2014/05/21/1

http://www.securityfocus.com/bid/67534

Details

Source: MITRE

Published: 2019-12-09

Updated: 2019-12-17

Type: CWE-200

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:modwsgi:mod_wsgi:*:*:*:*:*:*:*:*

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79974 | GLSA-201412-21 : mod_wsgi: Privilege escalation | Nessus | Gentoo Local Security Checks | high |
| 78319 | Amazon Linux AMI : mod_wsgi (ALAS-2014-376) | Nessus | Amazon Linux Local Security Checks | high |
| 78318 | Amazon Linux AMI : mod24_wsgi (ALAS-2014-375) | Nessus | Amazon Linux Local Security Checks | high |
| 76496 | Apache mod_wsgi < 3.4 Remote Information Disclosure | Nessus | CGI abuses | medium |
| 76481 | Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:137) | Nessus | Mandriva Local Security Checks | medium |
| 76246 | Scientific Linux Security Update : mod_wsgi on SL6.x i386/srpm/x86_64 (20140625) | Nessus | Scientific Linux Local Security Checks | high |
| 76243 | RHEL 6 : mod_wsgi (RHSA-2014:0788) | Nessus | Red Hat Local Security Checks | high |
| 76231 | Oracle Linux 6 : mod_wsgi (ELSA-2014-0788) | Nessus | Oracle Linux Local Security Checks | high |
| 76217 | CentOS 6 : mod_wsgi (CESA-2014:0788) | Nessus | CentOS Local Security Checks | high |
| 76096 | Fedora 20 : mod_wsgi-3.5-1.fc20 (2014-6944) | Nessus | Fedora Local Security Checks | medium |
| 76095 | Fedora 19 : mod_wsgi-3.5-1.fc19 (2014-6938) | Nessus | Fedora Local Security Checks | medium |
| 76069 | openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:0782-1) | Nessus | SuSE Local Security Checks | high |
| 74197 | Debian DSA-2937-1 : mod-wsgi - security update | Nessus | Debian Local Security Checks | high |
| 74185 | Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : mod-wsgi vulnerabilities (USN-2222-1) | Nessus | Ubuntu Local Security Checks | high |