Description
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.
Remediation
References
Related Vulnerabilities
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3169)
WordPress Plugin CPT Bootstrap Carousel Cross-Site Scripting (1.12)
Drupal Core 8.0.x Multiple Vulnerabilities (8.0.0 - 8.0.3)
WordPress Plugin Import Spreadsheets from Microsoft Excel Arbitrary File Upload (10.1.4)
WordPress Plugin mb.YTPlayer for background videos Unspecified Vulnerability (1.7.2)