Mod Wsgi
CVE-2014-8583
MEDIUM
Severity by source
AV:L/AC:M/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:M/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
AnalysisAI
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via. Rated medium severity (CVSS 6.9).
Technical ContextAI
This vulnerability is classified under CWE-254. mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors. Affected products include: Modwsgi Mod Wsgi. Version information: before 4.2.4.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
A vulnerability was found in mod_wsgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by
Same weakness CWE-254 – 7PK - Security Features
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today