Description
Cytrix has detected that the version of Apache HTTP Server being used is vulnerable to a Resource Management Errors vulnerability (CWE-399).
The CVE-2014-0231 is caused due to improper management of system resources.
The mod_cgid module in the version of Apache HTTP Server being used does not have a timeout mechanism.
An attacker could cause child processes to hang indefinitely which leads to a denial of service (by enacting a “process hang”) via a request to a CGI script that does not read from its stdin file descriptor.
This will cause a decrease in performance and also for interruptions in the availability of resources.
Recommendation
To fix CVE-2014-0231, upgrade the version of Apache HTTP Server being used to either 2.2.29 or 2.4.10 (and higher than 2.4.10)
References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0231
https://cwe.mitre.org/data/definitions/399.html