CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence: Low
EPSS
Percentile: 79.3%
Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
apache | mod_fcgid | * | cpe:2.3:a:apache:mod_fcgid:*:*:*:*:*:*:*:* |
apache | http_server | * | cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
debian | debian_linux | 6.0 | cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* |
debian | debian_linux | 7.0 | cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* |
suse | cloud | 1.0 | cpe:2.3:a:suse:cloud:1.0:*:*:*:*:*:*:* |
suse | cloud | 2.0 | cpe:2.3:a:suse:cloud:2.0:*:*:*:*:*:*:* |
opensuse | opensuse | 11.4 | cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* |
opensuse | opensuse | 12.2 | cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:* |
opensuse | opensuse | 12.3 | cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:* |
suse | linux_enterprise_software_development_kit | 11 | cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:* |
lists.opensuse.org/opensuse-security-announce/2013-11/msg00011.html
lists.opensuse.org/opensuse-updates/2013-10/msg00055.html
lists.opensuse.org/opensuse-updates/2013-10/msg00059.html
lists.opensuse.org/opensuse-updates/2013-11/msg00024.html
secunia.com/advisories/55197
svn.apache.org/viewvc?view=revision&revision=1527362
www.debian.org/security/2013/dsa-2778
www.mail-archive.com/dev%40httpd.apache.org/msg58077.html
www.securityfocus.com/bid/62939