Apache – CVE-2014-0226

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to the ‘mod_status buffer overflow’.
CVE-2014-0226 is categorized as a ‘Concurrent Execution using Shared Resource with Improper Synchronization’ vulnerability (CWE-362): a race condition was found in mod_status.

A race condition in mod_status allows remote attackers to cause a Denial of Service (DoS) through a heap-based buffer overflow against your assets.
It could also allow attackers to obtain sensitive credential information or to execute arbitrary code.
They do so via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.

Exploitation can disclose information that assists attackers in performing further attacks against your assets.
It can also degrade performance and interrupt the availability of resources. There is a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2014-0226, upgrade Apache HTTP Server to either 2.2.29 or 2.4.10.
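
A version check for the recommendation above, as an added example that is not Kayran's or the Apache project's code. It assumes the version is read from a Server header or an `httpd -v` line and that a release below the fixed version of its own branch needs the upgrade; the sample banners are constructed.

```python
import re

# Fixed releases named in the recommendation, keyed by release branch.
FIXED = {(2, 2): (2, 2, 29), (2, 4): (2, 4, 10)}

# Matches "Apache/2.4.9" in a Server header or in `httpd -v` output.
BANNER_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")


def fmt(version):
    return ".".join(str(part) for part in version)


def assess(banner):
    """Return (status, detail); status is "upgrade", "ok" or "unknown"."""
    match = BANNER_RE.search(banner)
    if not match:
        # e.g. "Server: Apache" when the server is configured to hide its version
        return "unknown", "no version in banner; check the installed package"
    version = tuple(int(part) for part in match.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # Assumption: the page names fixes only for the 2.2 and 2.4 branches.
        return "unknown", "branch %s is not covered by this advisory" % fmt(version[:2])
    # Compare as integer tuples: as strings, "2.4.9" would sort above "2.4.10".
    if version < fixed:
        # Distributions may backport fixes without changing this number,
        # so confirm against the package changelog before acting.
        return "upgrade", "%s is below %s" % (fmt(version), fmt(fixed))
    return "ok", "%s is at or above %s" % (fmt(version), fmt(fixed))


# Constructed sample inputs, not taken from any real host.
SAMPLES = [
    "Server: Apache/2.4.9 (Unix)",
    "Server version: Apache/2.4.10 (Unix)",
    "Server: Apache/2.2.27 (CentOS)",
    "Server: Apache",
]

if __name__ == "__main__":
    for line in SAMPLES:
        status, detail = assess(line)
        print("%-40s %-8s %s" % (line, status, detail))
```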

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226

https://cwe.mitre.org/data/definitions/362.html
