Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2014:0789
HistoryJun 25, 2014 - 12:00 a.m.

(RHSA-2014:0789) Important: python27-mod_wsgi and python33-mod_wsgi security update

2014-06-2500:00:00
access.redhat.com
7

EPSS

0

Percentile

5.1%

JSON

The mod_wsgi adapter is an Apache module that provides a WSGI-compliant
interface for hosting Python-based web applications within Apache.

It was found that mod_wsgi did not properly drop privileges if the call to
setuid() failed. If mod_wsgi was set up to allow unprivileged users to run
WSGI applications, a local user able to run a WSGI application could
possibly use this flaw to escalate their privileges on the system.
(CVE-2014-0240)

Note: mod_wsgi is not intended to provide privilege separation for WSGI
applications. Systems relying on mod_wsgi to limit or sandbox the
privileges of mod_wsgi applications should migrate to a different solution
with proper privilege separation.

Red Hat would like to thank Graham Dumpleton for reporting this issue.
Upstream acknowledges RΓ³bert Kisteleki as the original reporter of this
issue.

All python27-mod_wsgi and python33-mod_wsgi users are advised to upgrade to
these updated packages, which contain a backported patch to correct this
issue.

OSVersionArchitecturePackageVersionFilename
RedHat6x86_64python27-mod_wsgi-debuginfo<Β 3.4-12.el6python27-mod_wsgi-debuginfo-3.4-12.el6.x86_64.rpm
RedHat6x86_64python27-mod_wsgi<Β 3.4-12.el6python27-mod_wsgi-3.4-12.el6.x86_64.rpm
RedHat7srcpython27-mod_wsgi<Β 3.4-13.el7python27-mod_wsgi-3.4-13.el7.src.rpm
RedHat6srcpython33-mod_wsgi<Β 3.4-14.el6python33-mod_wsgi-3.4-14.el6.src.rpm
RedHat6srcpython27-mod_wsgi<Β 3.4-12.el6python27-mod_wsgi-3.4-12.el6.src.rpm
RedHat7srcpython33-mod_wsgi<Β 3.4-13.el7python33-mod_wsgi-3.4-13.el7.src.rpm
RedHat7x86_64python33-mod_wsgi<Β 3.4-13.el7python33-mod_wsgi-3.4-13.el7.x86_64.rpm
RedHat7x86_64python33-mod_wsgi-debuginfo<Β 3.4-13.el7python33-mod_wsgi-debuginfo-3.4-13.el7.x86_64.rpm
RedHat7x86_64python27-mod_wsgi-debuginfo<Β 3.4-13.el7python27-mod_wsgi-debuginfo-3.4-13.el7.x86_64.rpm
RedHat7x86_64python27-mod_wsgi<Β 3.4-13.el7python27-mod_wsgi-3.4-13.el7.x86_64.rpm
Rows per page:
1-10 of 121

Related

openvas 14
oraclelinux 2
debiancve 1
nessus 18
centos 2
cvelist 1
nvd 1
prion 1
veracode 1
ubuntucve 1
redhat 2
cve 1
securityvulns 2
amazon 2
gentoo 1
ubuntu 1
fedora 2
osv 1
debian 1
openvas
openvas
CentOS Update for mod_wsgi CESA-2014:1091 centos7
2014-09-10 00:00:00
Oracle: Security Advisory (ELSA-2014-1091)
2015-10-06 00:00:00
RedHat Update for mod_wsgi RHSA-2014:1091-01
2014-08-26 00:00:00
oraclelinux
oraclelinux
mod_wsgi security update
2014-08-25 00:00:00
mod_wsgi security update
2014-06-25 00:00:00
debiancve
debiancve
CVE-2014-0240
2014-05-27 15:00:00
nessus
nessus
RHEL 7 : mod_wsgi (RHSA-2014:1091)
2014-08-26 00:00:00
Oracle Linux 7 : mod_wsgi (ELSA-2014-1091)
2014-08-26 00:00:00
CentOS 7 : mod_wsgi (CESA-2014:1091)
2014-08-26 00:00:00
centos
centos
mod_wsgi security update
2014-08-25 12:17:55
mod_wsgi security update
2014-06-25 19:01:10
cvelist
cvelist
CVE-2014-0240
2014-05-27 15:00:00
nvd
nvd
CVE-2014-0240
2014-05-27 14:55:12
prion
prion
Code injection
2014-05-27 14:55:00
veracode
veracode
Privilege Escalation
2019-01-15 08:54:30
ubuntucve
ubuntucve
CVE-2014-0240
2014-05-23 00:00:00
redhat
redhat
(RHSA-2014:1091) Important: mod_wsgi security update
2014-08-25 00:00:00
(RHSA-2014:0788) Important: mod_wsgi security update
2014-06-25 00:00:00
cve
cve
CVE-2014-0240
2014-05-27 15:00:00
securityvulns
securityvulns
mod-wsgi security vulnerabilities
2014-05-29 00:00:00
[SECURITY] [DSA 2937-1] mod-wsgi security update
2014-05-29 00:00:00
amazon
amazon
Important: mod_wsgi
2014-07-09 23:07:00
Important: mod24_wsgi
2014-07-09 23:02:00
gentoo
gentoo
mod_wsgi: Privilege escalation
2014-12-13 00:00:00
ubuntu
ubuntu
mod_wsgi vulnerabilities
2014-05-26 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19
2014-06-17 23:35:19
[SECURITY] Fedora 20 Update: mod_wsgi-3.5-1.fc20
2014-06-17 23:26:05
osv
osv
mod-wsgi - security update
2014-05-27 00:00:00
debian
debian
[SECURITY] [DSA 2937-1] mod-wsgi security update
2014-05-27 14:35:16

EPSS

0

Percentile

5.1%

JSON
Related for RHSA-2014:0789
openvas14oraclelinux2debiancve1nessus18centos2cvelist1nvd1prion1veracode1ubuntucve1redhat2cve1securityvulns2amazon2gentoo1ubuntu1fedora2osv1debian1