VulnerableCode Vulnerability Details - VCID-n12h-fyf6-97cc

Search for vulnerabilities

Vulnerability details: VCID-n12h-fyf6-97cc

Essentials
Severities (9)
References (18)
Severity details (1)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-n12h-fyf6-97cc
Aliases	CVE-2014-0226
Summary	A race condition was found in mod_status. An attacker able to access a public server status page on a server using a threaded MPM could send a carefully crafted request which could lead to a heap buffer overflow. Note that it is not a default or recommended configuration to have a public accessible server status page.
Status	Published
Exploitability	2.0
Weighted Severity	4.8
Risk	9.6
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-662	Improper Synchronization
CWE-122	Heap-based Buffer Overflow

System	Score	Found at
epss	0.85974	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.85974	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.90264	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.90264	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.90264	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.90647	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.90647	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
epss	0.90647	https://api.first.org/data/v1/epss?cve=CVE-2014-0226
apache_httpd	moderate	https://httpd.apache.org/security/json/CVE-2014-0226.json

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0226.json
		https://api.first.org/data/v1/epss?cve=CVE-2014-0226
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0118
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0226
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
1120603		https://bugzilla.redhat.com/show_bug.cgi?id=1120603
CVE-2014-0226		https://httpd.apache.org/security/json/CVE-2014-0226.json
CVE-2014-0226;OSVDB-109216	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/34133.txt
RHSA-2014:0920		https://access.redhat.com/errata/RHSA-2014:0920
RHSA-2014:0921		https://access.redhat.com/errata/RHSA-2014:0921
RHSA-2014:0922		https://access.redhat.com/errata/RHSA-2014:0922
RHSA-2014:1019		https://access.redhat.com/errata/RHSA-2014:1019
RHSA-2014:1020		https://access.redhat.com/errata/RHSA-2014:1020
RHSA-2014:1021		https://access.redhat.com/errata/RHSA-2014:1021
RHSA-2014:1086		https://access.redhat.com/errata/RHSA-2014:1086
RHSA-2014:1087		https://access.redhat.com/errata/RHSA-2014:1087
RHSA-2014:1088		https://access.redhat.com/errata/RHSA-2014:1088
USN-2299-1		https://usn.ubuntu.com/2299-1/

Data source	Exploit-DB
Date added	July 21, 2014
Description	Apache 2.4.7 mod_status - Scoreboard Handling Race Condition
Ransomware campaign use	Unknown
Source publication date	July 21, 2014
Exploit type	dos
Platform	linux
Source update date	Dec. 19, 2016

Exploit Prediction Scoring System (EPSS)

Percentile	0.99358
EPSS Score	0.85974
Published At	Aug. 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:28:59.636045+00:00	Apache HTTPD Importer	Import	https://httpd.apache.org/security/json/CVE-2014-0226.json	37.0.0