A Security scan may falsely indicate a potential vulnerability against DataNow / Insight appliances with reference CVE-2014-0231
Vulnerability Summary for CVE-2014-0231
Original release date: 07/20/2014
Last revised: 04/14/2015
The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 5.0 (MEDIUM) (AV:N/AC:L/Au:N/C:N/I:N/A:P) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows disruption of service
This false positive is reported by some vulnerability scanners because the mod_cgid apache module is vulnerable in versions of Apache prior to 2.4.10.
This module is not loaded in the Apache configuratiuon for DataNow.
This false positive can be safely ignored.