A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.
Find out more about CVE-2014-0226 from the MITRE CVE dictionary dictionary and NIST NVD.
Base Score | 6.8 |
---|---|
Base Metrics | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Medium |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Platform | Errata | Release Date |
---|---|---|
Red Hat Enterprise Linux 6 (httpd) | RHSA-2014:0920 | 2014-07-23 |
Red Hat Enterprise Linux 7 (httpd) | RHSA-2014:0921 | 2014-07-23 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6 (httpd24-httpd) | RHSA-2014:0922 | 2014-07-23 |
Red Hat JBoss Enterprise Application Platform 6.3 | RHSA-2014:1021 | 2014-08-06 |
Red Hat Software Collections 1 for Red Hat Enterprise Linux 7 (httpd24-httpd) | RHSA-2014:0922 | 2014-07-23 |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server (httpd) | RHSA-2014:1019 | 2014-08-06 |
Red Hat JBoss Enterprise Web Server 2 for RHEL 6 Server (httpd) | RHSA-2014:1087 | 2014-08-21 |
Red Hat JBoss Enterprise Web Server 2 for RHEL 5 Server (httpd) | RHSA-2014:1088 | 2014-08-21 |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server (httpd) | RHSA-2014:1020 | 2014-08-06 |
Red Hat JBoss Web Server 2.1 | RHSA-2014:1086 | 2014-08-21 |
Red Hat Enterprise Linux 5 (httpd) | RHSA-2014:0920 | 2014-07-23 |
Platform | Package | State |
---|---|---|
Red Hat JBoss EWS 1 | httpd | Will not fix |
Red Hat JBoss EAP 5 | httpd | Not affected |
Red Hat Directory Server 8 | httpd | Under investigation |