Lucene search
+L

238 matches found

debiancve
debiancve
added 2014/12/16 6:0 p.m.17 views

CVE-2014-8583

modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

6.9CVSS6.6AI score0.00403EPSS
Exploits0
cve
cve
added 2014/12/16 6:0 p.m.70 views

CVE-2014-8583

CVE-2014-8583 : mod_wsgi (Apache) before 4.2.4 fails to handle when it cannot drop group privileges during daemon process group creation, potentially allowing local privilege escalation via unspecified vectors. Affected software: mod_wsgi before 4.2.4. Impact: attacker could gain privileges with ...

6.9CVSS6.6AI score0.00403EPSS
Exploits0References10Affected Software1
nessus
nessus
added 2014/12/16 12:0 a.m.20 views

Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253)

Updated apache-modwsgi package fixes security vulnerability : It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode...

6.9CVSS5.4AI score0.00403EPSS
Exploits0References2
nessus
nessus
added 2014/12/15 12:0 a.m.20 views

GLSA-201412-21 : mod_wsgi: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201412-21 modwsgi: Privilege escalation Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the Content-Type header CVE-2014-0242 Impact : ...

7.5CVSS6.6AI score0.08526EPSS
Exploits0References3
gentoo
gentoo
added 2014/12/13 12:0 a.m.34 views

mod_wsgi: Privilege escalation

Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...

7.5CVSS8.2AI score0.08526EPSS
Exploits0
nessus
nessus
added 2014/12/09 12:0 a.m.26 views

openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1)

apache2-modwsgi was updated to fix one security issue. This security issue was fixed : - Failure to handle errors when attempting to drop group privileges CVE-2014-8583. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

6.9CVSS5.3AI score0.00403EPSS
Exploits0References3
nessus
nessus
added 2014/12/07 12:0 a.m.12 views

Fedora 21 : mod_wsgi-4.3.2-1.fc21 (2014-15586)

Update to new upstream version 4.3.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

5.4AI score
Exploits0References3
fedora
fedora
added 2014/12/06 10:24 a.m.11 views

[SECURITY] Fedora 21 Update: mod_wsgi-4.3.2-1.fc21

The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...

3.8AI score
Exploits0
mageia
mageia
added 2014/12/05 4:59 p.m.27 views

Updated apache-mod_wsgi package fixes security vulnerability

It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...

6.9CVSS6.6AI score0.00403EPSS
Exploits0References2
osv
osv
added 2014/12/05 4:59 p.m.8 views

MGASA-2014-0513 Updated apache-mod_wsgi package fixes security vulnerability

It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...

6.9CVSS7.7AI score0.00403EPSS
Exploits0References3
nessus
nessus
added 2014/12/05 12:0 a.m.23 views

Ubuntu 14.04 LTS : MAAS regression (USN-2431-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2431-2 advisory. USN-2431-1 fixed vulnerabilities in modwsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We...

5.6AI score
Exploits0References1
osv
osv
added 2014/12/04 8:25 p.m.1 views

USN-2431-2 maas regression

USN-2431-1 fixed vulnerabilities in modwsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that modwsgi incorrectly handled errors when setting up the...

5.8AI score
Exploits0References2
ubuntu
ubuntu
added 2014/12/04 8:25 p.m.34 views

USN-2431-2: MAAS regression

USN-2431-1 fixed vulnerabilities in modwsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that modwsgi incorrectly handled errors when setting up the...

5.5AI score
Exploits0References1
nessus
nessus
added 2014/12/04 12:0 a.m.23 views

Ubuntu 14.04 LTS : mod_wsgi vulnerability (USN-2431-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2431-1 advisory. It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly us...

6.9CVSS5.5AI score0.00403EPSS
Exploits0References2
osv
osv
added 2014/12/03 2:11 p.m.2 views

USN-2431-1 mod-wsgi vulnerability

It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode...

6.9CVSS5.8AI score0.00403EPSS
Exploits0References2
osv
osv
added 2014/11/04 12:0 a.m.4 views

UBUNTU-CVE-2014-8583

modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

6.9CVSS5.8AI score0.00403EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2014/11/04 12:0 a.m.21 views

CVE-2014-8583

modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...

6.9CVSS5.9AI score0.00403EPSS
Exploits0References4
nessus
nessus
added 2014/10/12 12:0 a.m.25 views

Amazon Linux AMI : mod_wsgi (ALAS-2014-376)

It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...

7.5CVSS6.6AI score0.08526EPSS
Exploits0References3
nessus
nessus
added 2014/10/12 12:0 a.m.19 views

Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)

It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...

7.5CVSS6.6AI score0.08526EPSS
Exploits0References3
openvas
openvas
added 2014/09/10 12:0 a.m.16 views

CentOS Update for mod_wsgi CESA-2014:1091 centos7

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.2CVSS6.5AI score0.00411EPSS
Exploits0References2
Rows per page
Query Builder