NVD

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( Dot gov ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:

Keyword (text search): cpe:2.3:a:modwsgi:mod_wsgi:1.3:*:*:*:*:*:*:*
CPE Name Search: true

There are 3 matching records.

Displaying matches 1 through 3.

Vuln ID	Summary	CVSS Severity
CVE-2014-0242	mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread. Published: December 09, 2019; 3:15:09 PM -0500	V3.1: 7.5 HIGH V2.0: 4.3 MEDIUM
CVE-2014-8583	mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. Published: December 16, 2014; 1:59:08 PM -0500	V3.x:(not available) V2.0: 6.9 MEDIUM
CVE-2014-0240	The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain privileges via vectors related to the number of running processes. Published: May 27, 2014; 10:55:12 AM -0400	V3.x:(not available) V2.0: 6.2 MEDIUM

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Search Results (Refine Search)