← back
CVE-2014-0226

CVE-2014-0226

EPSS 85.7%
Vexday Risk Score
45Attention
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS EPSS 85.7%KEV nãoPoC públicaNuclei Metasploit Patch referenciado
Lifecycle
20 Jul 2014Published on NVD
21 Jul 2014Public PoC
Weaponization speed
1 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.