QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0242

Published: Dec 9, 2019

Modified: Aug 6, 2024

PUBLISHED

Description

mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.

Vendor	Product	Versions
mod_wsgi	mod_wsgi	affected `before 3.4`

References

http://www.openwall.com/lists/oss-security/2014/05/21/1

x_refsource_MISC

http://blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html

x_refsource_MISC

http://modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html

x_refsource_MISC

http://www.securityfocus.com/bid/67534

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.