CVE-2014-8583

Опубликовано: 17 июн. 2014

Источник: redhat

CVSS2: 6.9

EPSS Низкий

Описание

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.

Отчет

This issue affects the versions of mod_wsgi as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	mod_wsgi	Will not fix
Red Hat Enterprise Linux 7	mod_wsgi	Will not fix
Red Hat OpenShift Enterprise 2	python27-mod_wsgi	Will not fix
Red Hat Satellite 5.6	mod_wsgi	Will not fix
Red Hat Satellite 6	mod_wsgi	Will not fix
Red Hat Satellite Proxy 5.6	mod_wsgi	Will not fix
Red Hat Software Collections	python27-mod_wsgi	Will not fix
Red Hat Software Collections	python33-mod_wsgi	Will not fix
Red Hat Subscription Asset Manager	mod_wsgi	Will not fix
RHUI for RHEL 6	mod_wsgi	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-271

https://bugzilla.redhat.com/show_bug.cgi?id=1111034mod_wsgi: failure to handle errors when attempting to drop group privileges

EPSS

Процентиль: 29%

0.00107

Низкий

6.9 Medium

CVSS2

Связанные уязвимости

CVE-2014-8583

ubuntu

около 11 лет назад

CVE-2014-8583

nvd

около 11 лет назад

CVE-2014-8583

debian

около 11 лет назад

mod_wsgi before 4.2.4 for Apache, when creating a daemon process group ...

GHSA-6mwv-34hq-6gqx

github

больше 3 лет назад

EPSS

Процентиль: 29%

0.00107

Низкий

6.9 Medium

CVSS2