February 9, 2017 | Hacker News | No Comments
An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.
- Product HTTPD exists — Apache HTTPD 2.4.7
- Vulnerable version of product HTTPD found — Apache HTTPD 2.4.7
Vulnerability ID : apache-httpd-cve-2014-0226