Apache – CVE-2014-0231

Description

Kayran has detected that the version of Apache HTTP Server in use is affected by a Resource Management Errors vulnerability (CWE-399).
CVE-2014-0231 is caused by improper management of system resources.

The mod_cgid module in the version of Apache HTTP Server being used does not have a timeout mechanism.
An attacker could cause child processes to hang indefinitely, resulting in a denial of service (a “process hang”), via a request to a CGI script that does not read from its stdin file descriptor.

This degrades performance and interrupts the availability of resources.

Recommendation

To fix CVE-2014-0231, upgrade Apache HTTP Server to 2.2.29, or to 2.4.10 or later.
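A triage check for this finding, added here as an example and not part of Kayran's own tooling: it compares the version reported by `httpd -v` with the fixed releases named above and checks whether `httpd -M` lists mod_cgid (`cgid_module`). The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Fixed releases per the advisory: 2.2.29 on the 2.2 branch, 2.4.10 on the 2.4 branch.

# Extract "major.minor.patch" from a banner such as "Server version: Apache/2.4.9 (Unix)".
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Prints fixed, needs-upgrade, or unknown (no version found, or a branch the advisory does not cover).
version_status() {
    ver=$(apache_version "$1")
    [ -n "$ver" ] || { echo unknown; return; }
    branch=${ver%.*}   # e.g. 2.4
    patch=${ver##*.}   # e.g. 9
    case "$branch" in
        2.2) fixed=29 ;;
        2.4) fixed=10 ;;
        *)   echo unknown; return ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo needs-upgrade; fi
}

# mod_cgid appears as cgid_module in the loaded-module list.
cgid_loaded() { printf '%s\n' "$1" | grep -q 'cgid_module'; }

# $1 = `httpd -v` output, $2 = `httpd -M` output
triage() {
    status=$(version_status "$1")
    if [ "$status" = needs-upgrade ] && cgid_loaded "$2"; then
        echo exposed            # old version and mod_cgid loaded
    elif [ "$status" = needs-upgrade ]; then
        echo upgrade-advised    # old version, mod_cgid not loaded
    else
        echo "$status"
    fi
}

# Constructed sample input (not captured from a real host).
SAMPLE_V='Server version: Apache/2.4.9 (Unix)
Server built:   Mar 17 2014 10:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 cgid_module (shared)'

triage "$SAMPLE_V" "$SAMPLE_M"
```

Distribution packages often backport security fixes without changing the upstream version number, so confirm a `needs-upgrade` result against the vendor's package changelog.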

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231

https://cwe.mitre.org/data/definitions/399.html
