Search for vulnerabilities
Vulnerability details: VCID-n12h-fyf6-97cc
Vulnerability ID VCID-n12h-fyf6-97cc
Aliases CVE-2014-0226
Summary A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.
Status Published
Exploitability 2.0
Weighted Severity 4.8
Risk 9.6
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-662 Improper Synchronization
CWE-122 Heap-based Buffer Overflow
System Score Found at
epss 0.77103 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.77103 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.77103 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.77103 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.85974 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.85974 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90264 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90264 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90264 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90264 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90647 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90647 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss 0.90647 https://api.first.org/data/v1/epss?cve=CVE-2014-0226
apache_httpd moderate https://httpd.apache.org/security/json/CVE-2014-0226.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json
https://api.first.org/data/v1/epss?cve=CVE-2014-0226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
1120603 https://bugzilla.redhat.com/show_bug.cgi?id=1120603
CVE-2014-0226 https://httpd.apache.org/security/json/CVE-2014-0226.json
CVE-2014-0226;OSVDB-109216 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34133.txt
RHSA-2014:0920 https://access.redhat.com/errata/RHSA-2014:0920
RHSA-2014:0921 https://access.redhat.com/errata/RHSA-2014:0921
RHSA-2014:0922 https://access.redhat.com/errata/RHSA-2014:0922
RHSA-2014:1019 https://access.redhat.com/errata/RHSA-2014:1019
RHSA-2014:1020 https://access.redhat.com/errata/RHSA-2014:1020
RHSA-2014:1021 https://access.redhat.com/errata/RHSA-2014:1021
RHSA-2014:1086 https://access.redhat.com/errata/RHSA-2014:1086
RHSA-2014:1087 https://access.redhat.com/errata/RHSA-2014:1087
RHSA-2014:1088 https://access.redhat.com/errata/RHSA-2014:1088
USN-2299-1 https://usn.ubuntu.com/2299-1/
Data source Exploit-DB
Date added July 21, 2014
Description Apache 2.4.7 mod_status - Scoreboard Handling Race Condition
Ransomware campaign use Unknown
Source publication date July 21, 2014
Exploit type dos
Platform linux
Source update date Dec. 19, 2016
Exploit Prediction Scoring System (EPSS)
Percentile 0.9893
EPSS Score 0.77103
Published At Sept. 20, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:28:59.636045+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2014-0226.json 37.0.0