oval:org.mitre.oval:def:25138
Definition Id: oval:org.mitre.oval:def:25138 | |||
Oval ID: | oval:org.mitre.oval:def:25138 | ||
Title: | RHSA-2014:0788: mod_wsgi security update (Important) | ||
Description: | The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. (CVE-2014-0240) Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation. It was discovered that mod_wsgi could leak memory of a hosted web application via the "Content-Type" header. A remote attacker could possibly use this flaw to disclose limited portions of the web application's memory. (CVE-2014-0242) Red Hat would like to thank Graham Dumpleton for reporting these issues. Upstream acknowledges Róbert Kisteleki as the original reporter of CVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242. All mod_wsgi users are advised to upgrade to this updated package, which contains backported patches to correct these issues. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2014:0788-00 CESA-2014:0788 CVE-2014-0240 CVE-2014-0242 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 6 CentOS Linux 6 | Product(s): | mod_wsgi |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:20273 | |||
Oval ID: | oval:org.mitre.oval:def:20273 | ||
Title: | The operating system installed on the system is Red Hat Enterprise Linux 6 | ||
Description: | The operating system installed on the system is Red Hat Enterprise Linux 6. | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:redhat:enterprise_linux:6 | Version: | 6 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:25138 |
Definition Id: oval:org.mitre.oval:def:16337 | |||
Oval ID: | oval:org.mitre.oval:def:16337 | ||
Title: | The operating system installed on the system is CentOS Linux 6.x | ||
Description: | The operating system installed on the system is CentOS Linux 6.x | ||
Family: | unix | Class: | inventory |
Reference(s): | cpe:/o:centos:centos:6 | Version: | 5 |
Platform(s): | CentOS Linux 6 | Product(s): | |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:25138 |