Lucene search
Veracode Vulnerability DatabaseVERACODE:15304HistoryMay 02, 2019 - 4:58 a.m.
Information Disclosure
2019-05-0204:58:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
0.071 Low
EPSS
Percentile
94.0%
The mod_wsgi adapter is vulnerabel to information disclosure. The attack is possible because the function mod_wsgi leaks memory of a hosted web application via the “Content-Type” header, allowing an attacker to reveal limited portions of the web application’s memory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mod_wsgi | eq | 3.2__3.sslpatch.el6 | |
| mod_wsgi | eq | 3.2__3.el6 | |
| mod_wsgi | eq | 3.2__1.el6 |
References
blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html
www.openwall.com/lists/oss-security/2014/05/21/1
www.securityfocus.com/bid/67534
access.redhat.com/security/updates/classification/#important
rhn.redhat.com/errata/RHSA-2014-0788.html
Related
cvelist
cvelist
CVE-2014-0242
2019-12-09 19:33:29
cve
cve
CVE-2014-0242
2019-12-09 20:15:09
nessus
nessus
Apache mod_wsgi < 3.4 Remote Information Disclosure
2014-07-14 00:00:00
Fedora 20 : mod_wsgi-3.5-1.fc20 (2014-6944)
2014-06-18 00:00:00
GLSA-201412-21 : mod_wsgi: Privilege escalation
2014-12-15 00:00:00
nvd
nvd
CVE-2014-0242
2019-12-09 20:15:09
debiancve
debiancve
CVE-2014-0242
2019-12-09 20:15:09
prion
prion
Design/Logic Flaw
2019-12-09 20:15:00
ubuntucve
ubuntucve
CVE-2014-0242
2014-05-23 00:00:00
openvas
openvas
Fedora Update for mod_wsgi FEDORA-2014-6938
2014-06-23 00:00:00
Oracle: Security Advisory (ELSA-2014-0788)
2015-10-06 00:00:00
RedHat Update for mod_wsgi RHSA-2014:0788-01
2014-07-01 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: mod_wsgi-3.5-1.fc20
2014-06-17 23:26:05
[SECURITY] Fedora 19 Update: mod_wsgi-3.5-1.fc19
2014-06-17 23:35:19
osv
osv
mod-wsgi - security update
2014-05-27 00:00:00
debian
debian
[SECURITY] [DSA 2937-1] mod-wsgi security update
2014-05-27 14:35:16
amazon
amazon
Important: mod24_wsgi
2014-07-09 23:02:00
Important: mod_wsgi
2014-07-09 23:07:00
centos
centos
mod_wsgi security update
2014-06-25 19:01:10
oraclelinux
oraclelinux
mod_wsgi security update
2014-06-25 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2937-1] mod-wsgi security update
2014-05-29 00:00:00
mod-wsgi security vulnerabilities
2014-05-29 00:00:00
redhat
redhat
(RHSA-2014:0788) Important: mod_wsgi security update
2014-06-25 00:00:00
ubuntu
ubuntu
mod_wsgi vulnerabilities
2014-05-26 00:00:00
gentoo
gentoo
mod_wsgi: Privilege escalation
2014-12-13 00:00:00