Race condition in the mod_status module in the Apache HTTP Server prior to 2.4.10 allows remote malicious users to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
debian debian linux 8.0 |
||
debian debian linux 7.0 |
||
redhat jboss_enterprise_application_platform 6.0.0 |
||
redhat jboss_enterprise_application_platform 6.4.0 |
||
oracle secure global desktop 4.71 |
||
oracle http server 12.1.3.0 |
||
oracle secure global desktop 4.63 |
||
oracle enterprise manager ops center 12.1.4 |
||
oracle http server 12.1.2.0 |
||
oracle http server 11.1.1.7.0 |
||
oracle http server 10.1.3.5.0 |
||
oracle secure global desktop 5.0 |
||
oracle secure global desktop 5.1 |
||
oracle enterprise manager ops center 11.1.3 |