CVE-2014-0231

Published: 20/07/2014 Updated: 06/06/2021
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

The mod_cgid module in the Apache HTTP Server prior to 2.4.10 does not have a timeout mechanism, which allows remote malicious users to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Vulnerable Products

apache http server 2.4.2

apache http server 2.4.3

apache http server -

apache http server 2.2.6

apache http server 2.2.14

apache http server 2.2.15

apache http server 2.2.22

apache http server 2.2.23

apache http server

apache http server 2.4.7

apache http server 2.2.0

apache http server 2.2.10

apache http server 2.2.11

apache http server 2.2.18

apache http server 2.2.19

apache http server 2.2.26

apache http server 2.2.27

apache http server 2.4.8

apache http server 2.4.1

apache http server 2.2.2

apache http server 2.2.3

apache http server 2.2.4

apache http server 2.2.12

apache http server 2.2.13

apache http server 2.2.20

apache http server 2.2.21

apache http server 2.4.4

apache http server 2.4.6

apache http server 2.2.8

apache http server 2.2.9

apache http server 2.2.16

apache http server 2.2.17

apache http server 2.2.24

apache http server 2.2.25

Vendor Advisories

Several security issues were found in the Apache HTTP server. CVE-2014-0118: The DEFLATE input filter (inflates request bodies) in mod_deflate allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. CVE-2014-0226: A race condition was found in m ...
A denial of service flaw was found in the way httpd's mod_cgid module executed CGI scripts that did not read data from the standard input. A remote attacker could submit a specially crafted request that would cause the httpd child process to hang indefinitely ...
Several security issues were fixed in Apache HTTP Server ...
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attac ...
Debian Bug report logs - #775888 virtualbox: CVE-2014-6588 CVE-2014-6589 CVE-2014-6590 CVE-2014-6595 CVE-2015-0418 CVE-2015-0427. Package: virtualbox; Maintainer for virtualbox is Debian Virtualbox Team <team+debian-virtualbox@tracker.debian.org>; Source for virtualbox is src:virtualbox (PTS, buildd, popcon). Reported by: Mori ...
Oracle Critical Patch Update Advisory - January 2015. Description: A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisor ...

Github Repositories

Network reconnaissance and vulnerability assessment tools.

ReconScan: The purpose of this project is to develop scripts that can be useful in the pentesting workflow, be it for VulnHub VMs, CTFs, hands-on certificates, or real-world targets. The project currently consists of two major components: a script invoking and aggregating the results of existing tools, and a second script for automated analysis of the aforementioned results from

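MBSD Cybersecurity Challenges 2017 Investigation Results Report. 東京電子専門学校. Team: 陸のくまさん. Members and roles: kumacky * vulnerability assessment * report writing; peachgyoza * vulnerability assessment * report writing; Keloud * vulnerability assessment * report writing * CVSS scoring. Table of contents [TOC] Explanation of the investigation methods. Tools and environment used: OS Windows 10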

This repository is used for learning.

DC 1: Vulnhub Walkthrough. Scanning: nmap 192.168.122.184 nmap -sV -A 192.168.122.184 (service version scan) nmap -sV -A --script vuln 192.168.122.184 (Vulnerability scan) root@kali:~# **nmap -sV -A 192.168.122.184** Starting Nmap 7.80SVN ( nmap.org ) at 2021-05-27 02:58 EDT Stats: 0:00:17 elapsed; 0 hosts completed (1 up), 1 undergoing Script Scan NSE Timing: About 973

internetdb: Fast IP Lookups for Open Ports and Vulnerabilities. Description: Shodan (shodan.io/) scans the internet for hosts and services and maintains a few APIs into that data. One API is the InternetDB (internetdb.shodan.io/), which allows for free querying of open ports and vulnerabilities. Tools are provided to query this service. What's Inside The Tin The f

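pigat (Passive Intelligence Gathering Aggregation Tool): a passive information-gathering aggregation tool

Pigat: a passive information-gathering aggregation tool. Foreword: Pigat (Passive Intelligence Gathering Aggregation Tool) is a passive information-gathering aggregation tool that collects information about a target passively by crawling the results returned for the target URL by third-party websites, such as ICP filing lookup sites and subdomain lookup sites. The original motivation for developing this tool was that, when ordinarily using some third-party websites to gather target information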

Strike: A python tool to quickly analyze all IPs and see which ones have open ports and vulnerabilities. Installation: apt-get install python3 git clone github.com/SecureAxom/strike cd strike pip3 install -r requirements.txt python3 strike.py Usages: python3 strike.py -h python3 strike.py -t 20891

References

CWE-399
https://bugzilla.redhat.com/show_bug.cgi?id=1120596
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h
http://httpd.apache.org/security/vulnerabilities_24.html
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h
http://rhn.redhat.com/errata/RHSA-2014-1019.html
http://rhn.redhat.com/errata/RHSA-2014-1021.html
http://rhn.redhat.com/errata/RHSA-2014-1020.html
http://secunia.com/advisories/60536
http://www.mandriva.com/security/advisories?name=MDVSA-2014:142
http://advisories.mageia.org/MGASA-2014-0304.html
http://www.securityfocus.com/bid/68742
http://www.debian.org/security/2014/dsa-2989
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html
http://advisories.mageia.org/MGASA-2014-0305.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
https://support.apple.com/HT204659
http://marc.info/?l=bugtraq&m=144493176821532&w=2
http://marc.info/?l=bugtraq&m=143403519711434&w=2
http://marc.info/?l=bugtraq&m=143748090628601&w=2
http://marc.info/?l=bugtraq&m=144050155601375&w=2
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246
https://security.gentoo.org/glsa/201504-03
http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES
https://puppet.com/security/cve/cve-2014-0231
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
http://tools.cisco.com/security/center/viewAlert.x?alertId=34973
https://nvd.nist.gov
https://access.redhat.com/security/cve/cve-2014-0231
https://usn.ubuntu.com/2299-1/