CVE-2014-0231 — MEDIUM (5.0)

Q: How severe is CVE-2014-0231?

CVE-2014-0231 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-0231?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.

Vulnerability Description

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.2.0, < 2.2.29

Related Weaknesses (CWE)

CWE-399

References

http://advisories.mageia.org/MGASA-2014-0304.htmlThird Party Advisory
http://advisories.mageia.org/MGASA-2014-0305.htmlThird Party Advisory
http://httpd.apache.org/security/vulnerabilities_24.htmlPatchVendor Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlMailing List
http://marc.info/?l=bugtraq&m=143403519711434&w=2Third Party Advisory
http://marc.info/?l=bugtraq&m=143748090628601&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=144050155601375&w=2Mailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=144493176821532&w=2Mailing ListThird Party Advisory
http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSSThird Party AdvisoryVDB Entry
http://rhn.redhat.com/errata/RHSA-2014-1019.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1020.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1021.htmlBroken Link
http://secunia.com/advisories/60536MitigationThird Party Advisory
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGESThird Party Advisory
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.cThird Party Advisory

FAQ

What is CVE-2014-0231?

CVE-2014-0231 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script t...

How severe is CVE-2014-0231?

CVE-2014-0231 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-0231?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server.