24 matches found
MiracleLinux 4 : mod_wsgi-3.2-6.AXS4 (AXSA:2014-409:01)
The remote MiracleLinux 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2014-409:01 advisory. The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter...
CVE-2014-0242
modwsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread...
CVE-2014-0242
CVE-2014-0242 affects the mod_wsgi Apache module (pre-3.4 in embedded mode). It can cause memory contents to be leaked via the Content-Type header, enabling disclosure of sensitive information. The issue is coupled with CVE-2014-0240 (privilege escalation). Public advisories and Nessus/Gentoo ent...
CVE-2014-0242
modwsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread...
Gentoo Security Advisory GLSA 201412-21
Gentoo Linux Local Security Checks GLSA 201412-21 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
GLSA-201412-21 : mod_wsgi: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201412-21 modwsgi: Privilege escalation Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the Content-Type header CVE-2014-0242 Impact : ...
mod_wsgi: Privilege escalation
Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...
Important: mod24_wsgi
Issue Overview: It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system...
RedHat Update for mod_wsgi RHSA-2014:0788-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 6 : mod_wsgi (RHSA-2014:0788)
An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Oracle Linux 6 : mod_wsgi (ELSA-2014-0788)
The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2014-0788 advisory. - fix for CVE-2014-0242 1104685 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...
CentOS 6 : mod_wsgi (CESA-2014:0788)
An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
Important: Red Hat Security Advisory: mod_wsgi security update
An updated modwsgi package that fixes two security issues is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...
mod_wsgi security update
3.2-6 - fix for CVE-2014-0242 1104685 3.2-4 - fix for CVE-2014-0240 1104687...
Fedora Update for mod_wsgi FEDORA-2014-6944
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 20 : mod_wsgi-3.5-1.fc20 (2014-6944)
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.ht ml Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
Ubuntu: Security Advisory (USN-2222-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2937-1] mod-wsgi security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2937-1] mod-wsgi security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2937-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff May 27, 2014 http://www.debian.org/security/faq -...
DSA-2937-1 mod-wsgi - security update
Bulletin has no description...