Описание
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
Отчет
Red Hat Update Infrastructure 2.1.3 is now in Production 2 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Update Infrastructure Life Cycle: https://access.redhat.com/support/policy/updates/rhui.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mod_wsgi | Not affected | ||
| Red Hat OpenShift Enterprise 2 | python27-mod_wsgi | Not affected | ||
| Red Hat Satellite 5.6 | mod_wsgi | Will not fix | ||
| Red Hat Satellite 6 | mod_wsgi | Not affected | ||
| Red Hat Satellite Proxy 5.6 | mod_wsgi | Will not fix | ||
| Red Hat Software Collections | python27-mod_wsgi | Not affected | ||
| Red Hat Software Collections | python33-mod_wsgi | Not affected | ||
| Red Hat Subscription Asset Manager | mod_wsgi | Not affected | ||
| RHUI for RHEL 6 | mod_wsgi | Will not fix | ||
| Red Hat Enterprise Linux 6 | mod_wsgi | Fixed | RHSA-2014:0788 | 25.06.2014 |
Показывать по
Дополнительная информация
Статус:
5 Medium
CVSS2
Связанные уязвимости
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
mod_wsgi module before 3.4 for Apache, when used in embedded mode, mig ...
mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.
5 Medium
CVSS2