7.5
CVE-2014-0242
- EPSS 8.53%
- Veröffentlicht 09.12.2019 20:15:09
- Zuletzt bearbeitet 21.11.2024 02:01:44
- CVE-Watchlists
- Unerledigt
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 8.53% | 0.943 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
http://www.openwall.com/lists/oss-security/2014/05/21/1
http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html
http://www.securityfocus.com/bid/67534