The mod_wsgi adapter is vulnerabel to information disclosure. The attack is possible because the function mod_wsgi
leaks memory of a hosted web application via the “Content-Type” header, allowing an attacker to reveal limited portions of the web application’s memory.
CPE | Name | Operator | Version |
---|---|---|---|
mod_wsgi | eq | 3.2__3.sslpatch.el6 | |
mod_wsgi | eq | 3.2__3.el6 | |
mod_wsgi | eq | 3.2__1.el6 |
blog.dscpl.com.au/2014/05/security-release-for-modwsgi-version-35.html
modwsgi.readthedocs.org/en/latest/release-notes/version-3.4.html
www.openwall.com/lists/oss-security/2014/05/21/1
www.securityfocus.com/bid/67534
access.redhat.com/security/updates/classification/#important
rhn.redhat.com/errata/RHSA-2014-0788.html