Description
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Remediation
References
Related Vulnerabilities
WordPress Plugin XEN Carousel Multiple Cross-Site Scripting Vulnerabilities (0.12.2)
Joomla! Core 1.7.x SQL Injection (1.7.0 - 1.7.4)
WordPress Plugin Eyes Only:User Access Shortcode Cross-Site Scripting (1.8.2)
Sqlite Divide By Zero Vulnerability (CVE-2019-16168)
Jetty Insufficient Session Expiration Vulnerability (CVE-2021-34428)