oval:org.mitre.oval:def:25138

Definition Id: oval:org.mitre.oval:def:25138

Oval ID:	oval:org.mitre.oval:def:25138
Title:	RHSA-2014:0788: mod_wsgi security update (Important)
Description:	The mod_wsgi adapter is an Apache module that provides a WSGI-compliant interface for hosting Python-based web applications within Apache. It was found that mod_wsgi did not properly drop privileges if the call to setuid() failed. If mod_wsgi was set up to allow unprivileged users to run WSGI applications, a local user able to run a WSGI application could possibly use this flaw to escalate their privileges on the system. (CVE-2014-0240) Note: mod_wsgi is not intended to provide privilege separation for WSGI applications. Systems relying on mod_wsgi to limit or sandbox the privileges of mod_wsgi applications should migrate to a different solution with proper privilege separation. It was discovered that mod_wsgi could leak memory of a hosted web application via the "Content-Type" header. A remote attacker could possibly use this flaw to disclose limited portions of the web application's memory. (CVE-2014-0242) Red Hat would like to thank Graham Dumpleton for reporting these issues. Upstream acknowledges RÃ³bert Kisteleki as the original reporter of CVE-2014-0240, and Buck Golemon as the original reporter of CVE-2014-0242. All mod_wsgi users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
Family:	unix	Class:	patch
Reference(s):	RHSA-2014:0788-00 CESA-2014:0788 CVE-2014-0240 CVE-2014-0242	Version:	3
Platform(s):	Red Hat Enterprise Linux 6 CentOS Linux 6	Product(s):	mod_wsgi
Definition Synopsis:
mod_wsgi is earlier than 0:3.2-6.el6_5 Redhat 6 or Centos 6 release The operating system installed on the system is Red Hat Enterprise Linux 6 AND The operating system installed on the system is CentOS Linux 6.x

Definition Id: oval:org.mitre.oval:def:20273

Oval ID:	oval:org.mitre.oval:def:20273
Title:	The operating system installed on the system is Red Hat Enterprise Linux 6
Description:	The operating system installed on the system is Red Hat Enterprise Linux 6.
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:redhat:enterprise_linux:6	Version:	6
Platform(s):	Red Hat Enterprise Linux 6	Product(s):
Definition Synopsis:
Red Hat Enterprise 6 is installed AND NOT Oracle Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:25138

Definition Id: oval:org.mitre.oval:def:16337

Oval ID:	oval:org.mitre.oval:def:16337
Title:	The operating system installed on the system is CentOS Linux 6.x
Description:	The operating system installed on the system is CentOS Linux 6.x
Family:	unix	Class:	inventory
Reference(s):	cpe:/o:centos:centos:6	Version:	5
Platform(s):	CentOS Linux 6	Product(s):
Definition Synopsis:
the installed operating system is part of the Unix family AND CentOS Linux 6.x is installed
Referenced By:
oval:org.mitre.oval:def:25138

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0234s

Facebook rss twitter linkedin mail