CVE-2014-0226
CVE-2014-0226
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 85.7%KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado
Lifecycle
20 Jul 2014Published on NVD
21 Jul 2014Public PoC
Weaponization speed
1 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Affected products
n/a · n/apublic PoCs found — 3
githubgithub.com/shreesh1/CVE-2014-0226-poc★ 0cve_referencewww.exploit-db.com/exploits/34133unverifiedexploitdbwww.exploit-db.com/exploits/34133unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://advisories.mageia.org/MGASA-2014-0304.htmlhttp://advisories.mageia.org/MGASA-2014-0305.htmlhttp://httpd.apache.org/security/vulnerabilities_24.htmlhttp://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlhttp://marc.info/?l=bugtraq&m=143403519711434&w=2http://marc.info/?l=bugtraq&m=143748090628601&w=2http://marc.info/?l=bugtraq&m=144050155601375&w=2http://marc.info/?l=bugtraq&m=144493176821532&w=2http://rhn.redhat.com/errata/RHSA-2014-1019.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1020.htmlhttp://rhn.redhat.com/errata/RHSA-2014-1021.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1120603