var-202004-0999
Vulnerability from variot
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 7) - x86_64
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update Advisory ID: RHSA-2020:2263-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:2263 Issue date: 2020-05-26 CVE Names: CVE-2019-10098 CVE-2020-1927 ==================================================================== 1. Summary:
An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
-
httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
-
httpd: mod_rewrite potential open redirect (CVE-2019-10098)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Software Collections 3.5 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1743959 - CVE-2019-10098 httpd: mod_rewrite potential open redirect 1820761 - CVE-2020-1927 httpd: mod_rewrite configurations vulnerable to open redirect
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: httpd24-httpd-2.4.34-18.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el6.noarch.rpm
x86_64: httpd24-httpd-2.4.34-18.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm httpd24-mod_session-2.4.34-18.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: httpd24-httpd-2.4.34-18.el6.src.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el6.noarch.rpm
x86_64: httpd24-httpd-2.4.34-18.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm httpd24-mod_session-2.4.34-18.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm
aarch64: httpd24-httpd-2.4.34-18.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm httpd24-mod_md-2.0.8-1.el7.aarch64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm httpd24-mod_session-2.4.34-18.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm
aarch64: httpd24-httpd-2.4.34-18.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm httpd24-mod_md-2.0.8-1.el7.aarch64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm httpd24-mod_session-2.4.34-18.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm
x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm
x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm
ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm
s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm
x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm
noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm
x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-10098 https://access.redhat.com/security/cve/CVE-2020-1927 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXszbC9zjgjWX9erEAQhADg/+MXJE58l81OZKPv+q7IVqDJyn5WBSzHQx FSMgRLz22MHVDmLbDUhOKDvQ2LjECJYX3Z2K9dLouAFowXC6iE/jYSCv/1hKf1k6 aYhZSP/teN0dwPbt9L7yrb9sdmHndL76PlGCWB5xSJQ2bBeMAwUBNGfc+DsVHxGd IlvX3c5JhzOwdCUWBXOLijNyNm84Wu9kq2HyPWtSpZhiPYrJYfHNSkINC4emP3HZ oxR6JjZbBBlVv+goOjjWCzcs5mWPqFawTs/j8PRZAeGYIVNYZGJWuItNQtlIKV7I k3t7CzMhTe2YzLYpeznrJR35QLSmQCyVwMMqIBfhsuUYN1PT7CVZym75p9dkv9E4 aBRiws/GTTJTJKPNYaJHEjAjcx0fr2SvnEU2XwtJ7kBsdqNeH6E84kpVw+ZXUx5W 1VdVLxByCf9uiqDMZpi90u24ug5Qkn3U0GpQaAi0b5pnQijMTpcyTSuyqx4Vi4uH 3rXD9VhX6iW7cVX0TELegnldFFnIqnn1OtLxuE8OuT1942+W/uPjXe9pdvRMHeuX 9dPpOpqDM4ksta3rJtr0vfR2NsoOPe0otmtB0fjIPtmEMx2Icv7mNoSz2elg6aIZ 35f1T/yTMTrAQU3GeyAJVHTc0IlV9pwyJiezD9DifAFOVL1qjwQF1gXRff8gdyTi 5Ut1HUEbrIM=rq6/ -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4458-1 August 13, 2020
apache2 vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Apache HTTP Server.
Software Description: - apache2: Apache HTTP server
Details:
Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927)
Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934)
Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490)
Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984)
Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.1 apache2-bin 2.4.41-4ubuntu3.1 libapache2-mod-proxy-uwsgi 2.4.41-4ubuntu3.1
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.14 apache2-bin 2.4.29-1ubuntu4.14
Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.17 apache2-bin 2.4.18-2ubuntu3.17
In general, a standard system update will make all the necessary changes.
CVE-2020-9490
Felix Wilhelm discovered that a specially crafted value for the
'Cache-Digest' header in a HTTP/2 request could cause a crash when
the server actually tries to HTTP/2 PUSH a resource afterwards.
CVE-2020-11984
Felix Wilhelm reported a buffer overflow flaw in the mod_proxy_uwsgi
module which could result in information disclosure or potentially
remote code execution.
CVE-2020-11993
Felix Wilhelm reported that when trace/debug was enabled for the
HTTP/2 module certain traffic edge patterns can cause logging
statements on the wrong connection, causing concurrent use of
memory pools.
For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u4.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9NEuNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5YQ/+JLGtVDLCq/TPAtxgqhE/QlE7+ptoFGXxY7+kScNZx2LCKpoXxrFmpfO/ HyjeGZgVlmggPyrvFu57NXbnPP4YnzgiRONuhLeoXq496zpz/sQjhNkKQkjs5Xdf lfChNfMRblTeSKSHpEBlXyxx56CPa45BDFRI4jSbuhUJjl58SF7mfgJ9n0mVuWR/ DGo0snCU3+wOS6Ce7WQbh8Y8kSCZMt/KVgCNOFbM4IaKTgohLHNrqF1kmW7Ccq1/ OpY/P2GbHoKN9h9qRhfp8b+OUdbmg+57WRejkF2FX9XWLfGjnAbmW7TX5MquoK1N xruYtvwIvqRvsidOPG9BPf1OD5WZwIKsFnGKc2yEXmjVe7RY4driNSyU6DRJN/a2 n958CVuEI7L/GTleIU/0MYX5SH98B8oCH4ojqXzDdjbjJXtq1nYe/X9tEIrYgHds iB1oMwKE9Rwu4RDkHLX/uiJ8rJPkvc0d7JpA6vKzBK+CQLnFSWhg7N+fTNja/PJW PeJsTPv8iHB3SvccHmhIxj7tSW41Ta5YDUUY2oIj746OqjV1gBeSM3j2JK1gYVSF IZ1foL9qGLsQabI61llV+MxmKL3seiBfUF20yIeRcstqFcY/R0rxrIQl+bbAQOnX Q09LQHxUzjS5MwXcrsfReCqQbrItqwbrU2Gs/kvN73CrM7ZX4ag= =PNO5 -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202004-0999", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "oncommand unified manager core package", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "10.0" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session report manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "32" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "20.04" }, { "model": "zfs storage appliance kit", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.8" }, { "model": "http server", "scope": "lte", "trust": 1.0, "vendor": "apache", "version": "2.4.41" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications session route manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "enterprise manager ops center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.4.0.0" }, { "model": "instantis enterprisetrack", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "17.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "sd-wan aware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.1.1" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.0" }, { "model": "communications element manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2.1" }, { "model": "brocade fabric operating system", "scope": "eq", "trust": 1.0, "vendor": "broadcom", "version": null }, { "model": "http server", "scope": "gte", "trust": 1.0, "vendor": "apache", "version": "2.4.0" }, { "model": "instantis enterprisetrack", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "17.3" }, { "model": "http server", "scope": "eq", "trust": 0.8, "vendor": "apache", "version": "2.4.0 \u304b\u3089 2.4.41" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "NVD", "id": "CVE-2020-1927" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "2.4.41", "versionStartIncluding": "2.4.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "17.3", "versionStartIncluding": "17.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-1927" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "159371" }, { "db": "PACKETSTORM", "id": "159879" }, { "db": "PACKETSTORM", "id": "157818" }, { "db": "CNNVD", "id": "CNNVD-202004-060" } ], "trust": 0.9 }, "cve": "CVE-2020-1927", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "None", "baseScore": 5.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-003563", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "CVE-2020-1927", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "exploitabilityScore": 2.8, "impactScore": 2.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 6.1, "baseSeverity": "Medium", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-003563", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Changed", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-1927", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "JVNDB-2020-003563", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-202004-060", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-1927", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1927" }, { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202004-060" }, { "db": "NVD", "id": "CVE-2020-1927" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 7) - x86_64\n\n3. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nmod_http2 (1.15.7). -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update\nAdvisory ID: RHSA-2020:2263-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2020:2263\nIssue date: 2020-05-26\nCVE Names: CVE-2019-10098 CVE-2020-1927\n====================================================================\n1. Summary:\n\nAn update for httpd24-httpd and httpd24-mod_md is now available for Red Hat\nSoftware Collections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nThe httpd packages provide the Apache HTTP Server, a powerful, efficient,\nand extensible web server. \n\nSecurity Fix(es):\n\n* httpd: mod_rewrite configurations vulnerable to open redirect\n(CVE-2020-1927)\n\n* httpd: mod_rewrite potential open redirect (CVE-2019-10098)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nSoftware Collections 3.5 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1743959 - CVE-2019-10098 httpd: mod_rewrite potential open redirect\n1820761 - CVE-2020-1927 httpd: mod_rewrite configurations vulnerable to open redirect\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-18.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el6.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-18.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_session-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nhttpd24-httpd-2.4.34-18.el6.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el6.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-18.el6.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_session-2.4.34-18.el6.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-18.el7.src.rpm\nhttpd24-mod_md-2.0.8-1.el7.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-18.el7.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_md-2.0.8-1.el7.aarch64.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_session-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el7.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_md-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_md-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.s390x.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-18.el7.src.rpm\nhttpd24-mod_md-2.0.8-1.el7.src.rpm\n\naarch64:\nhttpd24-httpd-2.4.34-18.el7.aarch64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_md-2.0.8-1.el7.aarch64.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_session-2.4.34-18.el7.aarch64.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el7.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_md-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_md-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_md-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nhttpd24-httpd-2.4.34-18.el7.src.rpm\nhttpd24-mod_md-2.0.8-1.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el7.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_md-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_md-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_md-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):\n\nSource:\nhttpd24-httpd-2.4.34-18.el7.src.rpm\nhttpd24-mod_md-2.0.8-1.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el7.noarch.rpm\n\nppc64le:\nhttpd24-httpd-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_md-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_session-2.4.34-18.el7.ppc64le.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm\n\ns390x:\nhttpd24-httpd-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.s390x.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_md-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_session-2.4.34-18.el7.s390x.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.s390x.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_md-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd24-httpd-2.4.34-18.el7.src.rpm\nhttpd24-mod_md-2.0.8-1.el7.src.rpm\n\nnoarch:\nhttpd24-httpd-manual-2.4.34-18.el7.noarch.rpm\n\nx86_64:\nhttpd24-httpd-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm\nhttpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_md-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm\nhttpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_session-2.4.34-18.el7.x86_64.rpm\nhttpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-10098\nhttps://access.redhat.com/security/cve/CVE-2020-1927\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2020 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXszbC9zjgjWX9erEAQhADg/+MXJE58l81OZKPv+q7IVqDJyn5WBSzHQx\nFSMgRLz22MHVDmLbDUhOKDvQ2LjECJYX3Z2K9dLouAFowXC6iE/jYSCv/1hKf1k6\naYhZSP/teN0dwPbt9L7yrb9sdmHndL76PlGCWB5xSJQ2bBeMAwUBNGfc+DsVHxGd\nIlvX3c5JhzOwdCUWBXOLijNyNm84Wu9kq2HyPWtSpZhiPYrJYfHNSkINC4emP3HZ\noxR6JjZbBBlVv+goOjjWCzcs5mWPqFawTs/j8PRZAeGYIVNYZGJWuItNQtlIKV7I\nk3t7CzMhTe2YzLYpeznrJR35QLSmQCyVwMMqIBfhsuUYN1PT7CVZym75p9dkv9E4\naBRiws/GTTJTJKPNYaJHEjAjcx0fr2SvnEU2XwtJ7kBsdqNeH6E84kpVw+ZXUx5W\n1VdVLxByCf9uiqDMZpi90u24ug5Qkn3U0GpQaAi0b5pnQijMTpcyTSuyqx4Vi4uH\n3rXD9VhX6iW7cVX0TELegnldFFnIqnn1OtLxuE8OuT1942+W/uPjXe9pdvRMHeuX\n9dPpOpqDM4ksta3rJtr0vfR2NsoOPe0otmtB0fjIPtmEMx2Icv7mNoSz2elg6aIZ\n35f1T/yTMTrAQU3GeyAJVHTc0IlV9pwyJiezD9DifAFOVL1qjwQF1gXRff8gdyTi\n5Ut1HUEbrIM=rq6/\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-4458-1\nAugust 13, 2020\n\napache2 vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Apache HTTP Server. \n\nSoftware Description:\n- apache2: Apache HTTP server\n\nDetails:\n\nFabrice Perez discovered that the Apache mod_rewrite module incorrectly\nhandled certain redirects. A remote attacker could possibly use this issue\nto perform redirects to an unexpected URL. (CVE-2020-1927)\n\nChamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly\nhandled memory when proxying to a malicious FTP server. A remote attacker\ncould possibly use this issue to obtain sensitive information. \n(CVE-2020-1934)\n\nFelix Wilhelm discovered that the HTTP/2 implementation in Apache did not\nproperly handle certain Cache-Digest headers. A remote attacker could\npossibly use this issue to cause Apache to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2020-9490)\n\nFelix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly\nhandled large headers. A remote attacker could use this issue to obtain\nsensitive information or possibly execute arbitrary code. This issue only\naffected Ubuntu 20.04 LTS. (CVE-2020-11984)\n\nFelix Wilhelm discovered that the HTTP/2 implementation in Apache did not\nproperly handle certain logging statements. A remote attacker could\npossibly use this issue to cause Apache to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. \n(CVE-2020-11993)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.1\n apache2-bin 2.4.41-4ubuntu3.1\n libapache2-mod-proxy-uwsgi 2.4.41-4ubuntu3.1\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.14\n apache2-bin 2.4.29-1ubuntu4.14\n\nUbuntu 16.04 LTS:\n apache2 2.4.18-2ubuntu3.17\n apache2-bin 2.4.18-2ubuntu3.17\n\nIn general, a standard system update will make all the necessary changes. \n\nCVE-2020-9490\n\n Felix Wilhelm discovered that a specially crafted value for the\n \u0027Cache-Digest\u0027 header in a HTTP/2 request could cause a crash when\n the server actually tries to HTTP/2 PUSH a resource afterwards. \n\nCVE-2020-11984\n\n Felix Wilhelm reported a buffer overflow flaw in the mod_proxy_uwsgi\n module which could result in information disclosure or potentially\n remote code execution. \n\nCVE-2020-11993\n\n Felix Wilhelm reported that when trace/debug was enabled for the\n HTTP/2 module certain traffic edge patterns can cause logging\n statements on the wrong connection, causing concurrent use of\n memory pools. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.4.38-3+deb10u4. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9NEuNfFIAAAAAALgAo\naXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2\nNDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND\nz0R5YQ/+JLGtVDLCq/TPAtxgqhE/QlE7+ptoFGXxY7+kScNZx2LCKpoXxrFmpfO/\nHyjeGZgVlmggPyrvFu57NXbnPP4YnzgiRONuhLeoXq496zpz/sQjhNkKQkjs5Xdf\nlfChNfMRblTeSKSHpEBlXyxx56CPa45BDFRI4jSbuhUJjl58SF7mfgJ9n0mVuWR/\nDGo0snCU3+wOS6Ce7WQbh8Y8kSCZMt/KVgCNOFbM4IaKTgohLHNrqF1kmW7Ccq1/\nOpY/P2GbHoKN9h9qRhfp8b+OUdbmg+57WRejkF2FX9XWLfGjnAbmW7TX5MquoK1N\nxruYtvwIvqRvsidOPG9BPf1OD5WZwIKsFnGKc2yEXmjVe7RY4driNSyU6DRJN/a2\nn958CVuEI7L/GTleIU/0MYX5SH98B8oCH4ojqXzDdjbjJXtq1nYe/X9tEIrYgHds\niB1oMwKE9Rwu4RDkHLX/uiJ8rJPkvc0d7JpA6vKzBK+CQLnFSWhg7N+fTNja/PJW\nPeJsTPv8iHB3SvccHmhIxj7tSW41Ta5YDUUY2oIj746OqjV1gBeSM3j2JK1gYVSF\nIZ1foL9qGLsQabI61llV+MxmKL3seiBfUF20yIeRcstqFcY/R0rxrIQl+bbAQOnX\nQ09LQHxUzjS5MwXcrsfReCqQbrItqwbrU2Gs/kvN73CrM7ZX4ag=\n=PNO5\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2020-1927" }, { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2020-1927" }, { "db": "PACKETSTORM", "id": "159371" }, { "db": "PACKETSTORM", "id": "159879" }, { "db": "PACKETSTORM", "id": "157818" }, { "db": "PACKETSTORM", "id": "158864" }, { "db": "PACKETSTORM", "id": "168892" } ], "trust": 2.7 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-1927", "trust": 3.0 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2020/04/03/1", "trust": 1.7 }, { "db": "OPENWALL", "id": "OSS-SECURITY/2020/04/04/1", "trust": 1.7 }, { "db": "JVNDB", "id": "JVNDB-2020-003563", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159371", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159879", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "157818", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158864", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2988", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1360", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1437", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1728", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0319", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.4295", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1847", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.2806", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.1832", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1465", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2348", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3872", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.3373", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2020.1728.2", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022072037", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042307", "trust": 0.6 }, { "db": "NSFOCUS", "id": "48052", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202004-060", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2020-1927", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "168892", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1927" }, { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "PACKETSTORM", "id": "159371" }, { "db": "PACKETSTORM", "id": "159879" }, { "db": "PACKETSTORM", "id": "157818" }, { "db": "PACKETSTORM", "id": "158864" }, { "db": "PACKETSTORM", "id": "168892" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202004-060" }, { "db": "NVD", "id": "CVE-2020-1927" } ] }, "id": "VAR-202004-0999", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.625 }, "last_update_date": "2024-02-13T00:36:39.718000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Fixed in Apache httpd 2.4.42 (low: mod_rewrite CWE-601 open redirect (CVE-2020-1927))", "trust": 0.8, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "title": "Apache HTTP Server Enter the fix for the verification error vulnerability", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=115425" }, { "title": "Red Hat: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20202263 - security advisory" }, { "title": "Amazon Linux AMI: ALAS-2020-1370", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2020-1370" }, { "title": "Arch Linux Issues: ", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=cve-2020-1927 log" }, { "title": "Amazon Linux 2: ALAS2-2020-1427", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2020-1427" }, { "title": "Red Hat: Moderate: httpd security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20203958 - security advisory" }, { "title": "Debian Security Advisories: DSA-4757-1 apache2 -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=38cd51577d135ebf93dc6ff5a31c6ea1" }, { "title": "Red Hat: Moderate: httpd:2.4 security, bug fix, and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20204751 - security advisory" }, { "title": "Metamap", "trust": 0.1, "url": "https://github.com/unknwncharlie/metamap " }, { "title": "Vegeta:1 ~Vulhub Walkthrough", "trust": 0.1, "url": "https://github.com/vaishali1998/vegeta1-vulhub-walkthrough " }, { "title": "Documented commands (type help ):", "trust": 0.1, "url": "https://github.com/solhack/team_csi_platform " }, { "title": "External Penetration Testing - Holo Corporate Network - TryHackMe - Holo Network", "trust": 0.1, "url": "https://github.com/austin-lai/external-penetration-testing-holo-corporate-network-tryhackme-holo-network " }, { "title": "DC 3: Vulnhub Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-3-vulnhub-walkthrough " }, { "title": "Funbox-rookie", "trust": 0.1, "url": "https://github.com/vaishali1998/funbox2-rookie " }, { "title": "Tier 0\nTier 1\nTier 2", "trust": 0.1, "url": "https://github.com/totes5706/toteshtb " }, { "title": "DC-2: Vulnhub Walkthrough", "trust": 0.1, "url": "https://github.com/vshaliii/dc-2-vulnhub-walkthrough " }, { "title": "Skynet", "trust": 0.1, "url": "https://github.com/bioly230/thm_skynet " }, { "title": "Shodan Search Script", "trust": 0.1, "url": "https://github.com/firatesatoglu/shodansearch " }, { "title": "Basic-Pentesting-2", "trust": 0.1, "url": "https://github.com/vshaliii/basic-pentesting-2-vulnhub-walkthrough " }, { "title": "Basic-Pentesting-2", "trust": 0.1, "url": "https://github.com/vshaliii/basic-pentesting-2 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1927" }, { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "CNNVD", "id": "CNNVD-202004-060" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-601", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "NVD", "id": "CVE-2020-1927" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.9, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1927" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" }, { "trust": 1.7, "url": "http://www.openwall.com/lists/oss-security/2020/04/04/1" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.7, "url": "https://usn.ubuntu.com/4458-1/" }, { "trust": 1.7, "url": "https://www.debian.org/security/2020/dsa-4757" }, { "trust": 1.7, "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "trust": 1.1, "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3cdev.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3cdev.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hyvye2zerfxdv6rmkk3i5sdsdqlpseiq/" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a2rn46prbje7e7opd4yzx5svwv5qkgv5/" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3ccvs.httpd.apache.org%3e" }, { "trust": 1.1, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1927" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" }, { "trust": 0.6, "url": "httpd.apache.org%3e" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3cdev." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7@%3ccvs." }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hyvye2zerfxdv6rmkk3i5sdsdqlpseiq/" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84@%3ccvs." }, { "trust": 0.6, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a2rn46prbje7e7opd4yzx5svwv5qkgv5/" }, { "trust": 0.6, "url": "httpd.apache.org/security/vulnerabilities_24.html" }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3cdev." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs." }, { "trust": 0.6, "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3ccvs." }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022072037" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1437/" }, { "trust": 0.6, "url": "http-server-affect-ibm-i/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-cve-2020-1927-and-cve-2020-1934-in-apache-" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-5/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159371/red-hat-security-advisory-2020-3958-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0319/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2988/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1728/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1360/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1847/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159879/red-hat-security-advisory-2020-4751-01.html" }, { "trust": 0.6, "url": "http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3373/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1465/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.3872/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.4295/" }, { "trust": 0.6, "url": "http-server-used-by-websphere-application-server/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-" }, { "trust": 0.6, "url": "https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-019.pdf" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2348" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.1728.2/" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042307" }, { "trust": 0.6, "url": "http-cve-2019-10098-and-cve-2020-1927/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-" }, { "trust": 0.6, "url": "httpd-mod-rewrite-open-redirect-31923" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apache-" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158864/ubuntu-security-notice-usn-4458-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2020.2806/" }, { "trust": 0.6, "url": "http://www.nsfocus.net/vulndb/48052" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/157818/red-hat-security-advisory-2020-2263-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.1832" }, { "trust": 0.6, "url": "http-server-vulnerabilities-3/" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1934" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.3, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-1927" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2019-10098" }, { "trust": 0.3, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10098" }, { "trust": 0.2, "url": "https://access.redhat.com/errata/rhsa-2020:2263" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-1934" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11993" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11984" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-9490" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/601.html" }, { "trust": 0.1, "url": "https://github.com/unknwncharlie/metamap" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://alas.aws.amazon.com/alas-2020-1370.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-15715" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:3958" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1283" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1303" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1303" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-1283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-15715" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10097" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0197" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-17189" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10082" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10097" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10092" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0197" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-17189" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10081" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-10082" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2020:4751" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-10081" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-0196" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-0196" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.17" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4458-1" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/apache2" }, { "trust": 0.1, "url": "https://www.debian.org/security/" } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-1927" }, { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "PACKETSTORM", "id": "159371" }, { "db": "PACKETSTORM", "id": "159879" }, { "db": "PACKETSTORM", "id": "157818" }, { "db": "PACKETSTORM", "id": "158864" }, { "db": "PACKETSTORM", "id": "168892" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202004-060" }, { "db": "NVD", "id": "CVE-2020-1927" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2020-1927" }, { "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "db": "PACKETSTORM", "id": "159371" }, { "db": "PACKETSTORM", "id": "159879" }, { "db": "PACKETSTORM", "id": "157818" }, { "db": "PACKETSTORM", "id": "158864" }, { "db": "PACKETSTORM", "id": "168892" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "CNNVD", "id": "CNNVD-202004-060" }, { "db": "NVD", "id": "CVE-2020-1927" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-04-02T00:00:00", "db": "VULMON", "id": "CVE-2020-1927" }, { "date": "2020-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "date": "2020-09-30T15:46:52", "db": "PACKETSTORM", "id": "159371" }, { "date": "2020-11-04T15:33:20", "db": "PACKETSTORM", "id": "159879" }, { "date": "2020-05-26T14:42:04", "db": "PACKETSTORM", "id": "157818" }, { "date": "2020-08-13T16:53:22", "db": "PACKETSTORM", "id": "158864" }, { "date": "2020-08-31T12:12:00", "db": "PACKETSTORM", "id": "168892" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2020-04-01T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-060" }, { "date": "2020-04-02T00:15:13.347000", "db": "NVD", "id": "CVE-2020-1927" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-1927" }, { "date": "2020-04-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-003563" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" }, { "date": "2022-07-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202004-060" }, { "date": "2023-11-07T03:19:36.047000", "db": "NVD", "id": "CVE-2020-1927" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "158864" }, { "db": "CNNVD", "id": "CNNVD-202004-060" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apache HTTP Server Request in URL Unexpected in URL Vulnerability redirected to", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-003563" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202104-975" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.