ELSA-2014-0921 -- Oracle httpdID: oval:org.secpod.oval:def:1500635 | Date: (C)2014-08-22 (M)2024-02-19 |
Class: PATCH | Family: unix |
A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user.