Hola. Estoy siguiendo un curso de pentesting, pero me ha saltado la siguiente duda, al analizar una web con nessus, me entrega el siguiente reporte en apache.

According to its banner, the version of Apache 2.4 installed on the remote host is a version prior to 2.4.10. It is, therefore, affected by the following vulnerabilities :

- A flaw exists in the 'mod_proxy' module that may allow an attacker to send a specially crafted request to a server configured as a reverse proxy that may cause the child process to crash. This could potentially lead to a denial of service attack. (CVE-2014-0117)

- A flaw exists in the 'mod_deflate' module when request body decompression is configured. This could allow a remote attacker to cause the server to consume significant resources. (CVE-2014-0118)

- A flaw exists in the 'mod_status' module when a publicly accessible server status page is in place.
This could allow an attacker to send a specially crafted request designed to cause a heap buffer overflow. (CVE-2014-0226)

- A flaw exists in the 'mod_cgid' module in which CGI scripts that did not consume standard input may be manipulated in order to cause child processes to hang. A remote attacker may be able to abuse this in order to cause a denial of service.
(CVE-2014-0231)

- A flaw exists in WinNT MPM versions 2.4.1 to 2.4.9 when using the default AcceptFilter. An attacker may be able to specially craft requests that create a memory leak in the application and may eventually lead to a denial of service attack. (CVE-2014-3523)

Al leer y buscar sobre las vulnerabilidades, por ejemplo la primera CVE-2014-0117 me aparece esto en el apartado de exploiting

Exploiting

Class: Denial of service
Local: No
Remote: Yes

Availability: No
Status: Unproven

y entro lugar me aparece esto

The vulnerability was handled as a non-public zero-day exploit for at least 28 days.

Esto quiere decir que la vulnerabilidad aun es un 0-day, que no es publica y que será publicada dentro de 28 dias?, de ser así existe alguna forma de saber como explotar la vulnerabilidad en alguna otra pagina?.

Esta pregunta para algunos puede ser abstante obvia la respuesta, pero a veces en la vida necesitamos que alguien nos diga, "si asi es", o "no no es asi".

Saludos.

I read until I remembered.