Detections
Analytics
Debian DSA-2937-1 : mod-wsgi - security update
high Nessus Plugin ID 74197
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Two security issues have been found in the Python WSGI adapter module for Apache :- CVE-2014-0240 Robert Kisteleki discovered a potential privilege escalation in daemon mode. This is not exploitable with the kernel used in Debian 7.0/wheezy.
- CVE-2014-0242 Buck Golemon discovered that incorrect memory handling could lead to information disclosure when processing Content-Type headers.
Solution
Upgrade the mod-wsgi packages.For the oldstable distribution (squeeze), these problems have been fixed in version 3.3-2+deb6u1.
For the stable distribution (wheezy), these problems have been fixed in version 3.3-4+deb7u1.
See Also
https://security-tracker.debian.org/tracker/CVE-2014-0240
https://security-tracker.debian.org/tracker/CVE-2014-0242
https://packages.debian.org/source/squeeze/mod-wsgi
Plugin Details
Severity: High
ID: 74197
File Name: debian_DSA-2937.nasl
Version: 1.8
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 5/28/2014
Updated: 1/11/2021
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.2
Temporal Score: 4.6
Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Information
CPE: cpe:/o:debian:debian_linux:6.0, cpe:/o:debian:debian_linux:7.0, p-cpe:/a:debian:debian_linux:mod-wsgi
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Exploit Ease: No known exploits are available
Patch Publication Date: 5/27/2014
Vulnerability Publication Date: 5/27/2014
Reference Information
CVE: CVE-2014-0240, CVE-2014-0242
DSA: 2937