Apache Httpd < 2.4.10 : mod_status buffer overflow

ID HTTPD:3EDB21E49474605400D2476536BB9C24
Type httpd
Reporter Apache Team Foundation
Modified 2014-07-15T00:00:00


A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.