CVE-2014-0226 (Apache vulnerability in mod_status module could allow arbitrary code execution)

  • Posted September 9, 2014

  • Assessed Risk Level: Medium

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code.

Upstream CVSS v2 Score: 4.4

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:ND/RL:U/RC:C


Affected Software Versions:

  • Puppet Enterprise 2.x and 3.x

Resolved in:

  • Puppet Enterprise 2.8.8, 3.3.2