Description
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Remediation
References
Related Vulnerabilities
MediaWiki Incorrect Default Permissions Vulnerability (CVE-2017-0369)
WordPress Plugin Software License Manager Cross-Site Scripting (4.4.7)
WordPress Plugin weForms-Easy Drag & Drop Contact Form Builder For WordPress CSV Injection (1.4.7)
Jenkins Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2021-21615)