Description

The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.

Remediation

References

CVE-2014-0231

Related Vulnerabilities

WordPress Plugin Newsletters Cross-Site Scripting (4.6.18)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6356)

ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000002)

PHP Other Vulnerability (CVE-2010-0397)

WordPress Plugin Product Catalog 8 SQL Injection (1.2.0)

Severity

Medium

Classification

CVE-2014-0231

Tags

Missing Update Known Vulnerabilities