CVE-2014-0231

Description

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 44.151

Associated Vulnerability

Vulnerability | OS Platform
Update Apache to version 2.4.10 | Windows
Update Apache to version 2.2.27 | Windows
Vulnerabilities CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 are fixed in Apache 2.2.29 | Windows
Vulnerabilities CVE-2014-0118, CVE-2014-0226, CVE-2014-0231 are fixed in Apache 2.4.10 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.5.5.4 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 8.0.0.10 | Windows
Multiple vulnerabilities are fixed in IBM WebSphere 7.0.0.35 | Windows
Httpd24-httpd update (ELSA-2014-1972) httpd24-httpd-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-httpd-devel update (ELSA-2014-1972) httpd24-httpd-devel-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-httpd-tools update (ELSA-2014-1972) httpd24-httpd-tools-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-mod_ldap update (ELSA-2014-1972) httpd24-mod_ldap-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-mod_proxy_html update (ELSA-2014-1972) httpd24-mod_proxy_html-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-mod_session update (ELSA-2014-1972) httpd24-mod_session-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-mod_ssl update (ELSA-2014-1972) httpd24-mod_ssl-2.4.6-22.0.1.el6.x86_64.rpm | Linux
Httpd24-httpd-manual update (ELSA-2014-1972) httpd24-httpd-manual-2.4.6-22.0.1.el6.noarch.rpm | Linux
Update Apache to version 2.4.10 (For Linux) | Linux
Update Apache to version 2.2.27 (For Linux) | Linux

Patch Details

No records found
