mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecified vectors.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | mod24_wsgi | 2018-04-26 16:33 | ALAS-2018-987 |
Amazon Linux 2 - Core | mod_wsgi | 2018-04-05 16:14 | ALAS2-2018-987 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |
NVD | CVSSv2 | 6.9 | AV:L/AC:M/Au:N/C:C/I:C/A:C |