Description
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5492)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Cross-Site Scripting (2.2)
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2019-3894)
Drupal Resource Management Errors Vulnerability (CVE-2014-5266)
Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699)