238 matches found
CVE-2014-8583
modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...
CVE-2014-8583
CVE-2014-8583 : mod_wsgi (Apache) before 4.2.4 fails to handle when it cannot drop group privileges during daemon process group creation, potentially allowing local privilege escalation via unspecified vectors. Affected software: mod_wsgi before 4.2.4. Impact: attacker could gain privileges with ...
Mandriva Linux Security Advisory : apache-mod_wsgi (MDVSA-2014:253)
Updated apache-modwsgi package fixes security vulnerability : It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode...
GLSA-201412-21 : mod_wsgi: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201412-21 modwsgi: Privilege escalation Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the Content-Type header CVE-2014-0242 Impact : ...
mod_wsgi: Privilege escalation
Background modwsgi is an Apache2 module for running Python WSGI applications. Description Two vulnerabilities have been found in modwsgi: Error codes returned by setuid are not properly handled CVE-2014-0240 A memory leak exists via the “Content-Type” header CVE-2014-0242 Impact A local attacker...
openSUSE Security Update : apache2-mod_wsgi (openSUSE-SU-2014:1590-1)
apache2-modwsgi was updated to fix one security issue. This security issue was fixed : - Failure to handle errors when attempting to drop group privileges CVE-2014-8583. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Fedora 21 : mod_wsgi-4.3.2-1.fc21 (2014-15586)
Update to new upstream version 4.3.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...
[SECURITY] Fedora 21 Update: mod_wsgi-4.3.2-1.fc21
The modwsgi adapter is an Apache module that provides a WSGI compliant interface for hosting Python based web applications within Apache. The adapter is written completely in C code against the Apache C runtime and for hosting WSGI applications within Apache has a lower overhead than using existi...
Updated apache-mod_wsgi package fixes security vulnerability
It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...
MGASA-2014-0513 Updated apache-mod_wsgi package fixes security vulnerability
It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode CVE-2014-8583...
Ubuntu 14.04 LTS : MAAS regression (USN-2431-2)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2431-2 advisory. USN-2431-1 fixed vulnerabilities in modwsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We...
USN-2431-2 maas regression
USN-2431-1 fixed vulnerabilities in modwsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that modwsgi incorrectly handled errors when setting up the...
USN-2431-2: MAAS regression
USN-2431-1 fixed vulnerabilities in modwsgi. The security update exposed an issue in the MAAS package, causing a regression. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that modwsgi incorrectly handled errors when setting up the...
Ubuntu 14.04 LTS : mod_wsgi vulnerability (USN-2431-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2431-1 advisory. It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly us...
USN-2431-1 mod-wsgi vulnerability
It was discovered that modwsgi incorrectly handled errors when setting up the working directory and group access rights. A malicious application could possibly use this issue to cause a local privilege escalation when using daemon mode...
UBUNTU-CVE-2014-8583
modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...
CVE-2014-8583
modwsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors...
Amazon Linux AMI : mod_wsgi (ALAS-2014-376)
It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...
Amazon Linux AMI : mod24_wsgi (ALAS-2014-375)
It was found that modwsgi did not properly drop privileges if the call to setuid failed. If modwsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. Note: modwsgi i...
CentOS Update for mod_wsgi CESA-2014:1091 centos7
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...