Description

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Remediation

References

CVE-2014-0231

Related Vulnerabilities

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4281)

Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0788)

Grafana Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-21703)

Python Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2010-3493)

WordPress Plugin WP Support Plus Responsive Ticket System PHP Object Injection (9.0.3)

Severity

Medium

Classification

CVE-2014-0231

Tags

Missing Update Known Vulnerabilities