RULE(RULE ID:320730)

Rule General Information
Release Date: 2018-05-08
Rule Name: Apache HTTP Server mod_status Heap Buffer Overflow Vulnerability -1 (CVE-2014-0226)
Severity:
CVE ID:
Rule Protection Details
Description: Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Impact: An attacker can trigger a buffer overflow in the context of the vulnerable product. Further attacks include arbitrary code execution and denial of service.
Affected OS: Network Device, Solaris, FreeBSD, Windows, Mac OS, Other Unix, Linux
Reference: http://httpd.apache.org/security/vulnerabilities_24.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
ExploitDB:34133
SecurityFocusBID:68678
ZeroDayInitiative:ZDI-14-236
Solutions
Upgrade to version 2.4.10-dev to fix the vulnerability.