ID

VAR-202004-0999


CVE

CVE-2020-1927


TITLE

Apache HTTP Server vulnerability in which a request is redirected to an unexpected URL within the request URL

Trust: 0.8

sources: JVNDB: JVNDB-2020-003563

DESCRIPTION

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements.

The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7).

====================================================================
Red Hat Security Advisory

Synopsis: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update
Advisory ID: RHSA-2020:2263-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2020:2263
Issue date: 2020-05-26
CVE Names: CVE-2019-10098 CVE-2020-1927
====================================================================

1. Summary:

An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.

Security Fix(es):

* httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927)
* httpd: mod_rewrite potential open redirect (CVE-2019-10098)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Software Collections 3.5 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically.

5. Bugs fixed (https://bugzilla.redhat.com/):

1743959 - CVE-2019-10098 httpd: mod_rewrite potential open redirect
1820761 - CVE-2020-1927 httpd: mod_rewrite configurations vulnerable to open redirect

6. Package List:

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):

Source:
httpd24-httpd-2.4.34-18.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-18.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm
httpd24-mod_session-2.4.34-18.el6.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):

Source:
httpd24-httpd-2.4.34-18.el6.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el6.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-18.el6.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm
httpd24-mod_session-2.4.34-18.el6.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
httpd24-httpd-2.4.34-18.el7.src.rpm
httpd24-mod_md-2.0.8-1.el7.src.rpm

aarch64:
httpd24-httpd-2.4.34-18.el7.aarch64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm
httpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm
httpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm
httpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm
httpd24-mod_md-2.0.8-1.el7.aarch64.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm
httpd24-mod_session-2.4.34-18.el7.aarch64.rpm
httpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm
httpd24-mod_md-2.0.8-1.el7.s390x.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):

Source:
httpd24-httpd-2.4.34-18.el7.src.rpm
httpd24-mod_md-2.0.8-1.el7.src.rpm

aarch64:
httpd24-httpd-2.4.34-18.el7.aarch64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm
httpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm
httpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm
httpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm
httpd24-mod_md-2.0.8-1.el7.aarch64.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm
httpd24-mod_session-2.4.34-18.el7.aarch64.rpm
httpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm
httpd24-mod_md-2.0.8-1.el7.s390x.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm
httpd24-mod_md-2.0.8-1.el7.x86_64.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):

Source:
httpd24-httpd-2.4.34-18.el7.src.rpm
httpd24-mod_md-2.0.8-1.el7.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm
httpd24-mod_md-2.0.8-1.el7.s390x.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm
httpd24-mod_md-2.0.8-1.el7.x86_64.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7):

Source:
httpd24-httpd-2.4.34-18.el7.src.rpm
httpd24-mod_md-2.0.8-1.el7.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm

ppc64le:
httpd24-httpd-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm
httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm
httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm

s390x:
httpd24-httpd-2.4.34-18.el7.s390x.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm
httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm
httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm
httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm
httpd24-mod_md-2.0.8-1.el7.s390x.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm
httpd24-mod_session-2.4.34-18.el7.s390x.rpm
httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm
httpd24-mod_md-2.0.8-1.el7.x86_64.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm

Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):

Source:
httpd24-httpd-2.4.34-18.el7.src.rpm
httpd24-mod_md-2.0.8-1.el7.src.rpm

noarch:
httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm

x86_64:
httpd24-httpd-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm
httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm
httpd24-mod_md-2.0.8-1.el7.x86_64.rpm
httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm
httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm
httpd24-mod_session-2.4.34-18.el7.x86_64.rpm
httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2019-10098
https://access.redhat.com/security/cve/CVE-2020-1927
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2020 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

==========================================================================
Ubuntu Security Notice USN-4458-1
August 13, 2020

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927)

Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934)

Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490)

Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984)

Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  apache2 2.4.41-4ubuntu3.1
  apache2-bin 2.4.41-4ubuntu3.1
  libapache2-mod-proxy-uwsgi 2.4.41-4ubuntu3.1

Ubuntu 18.04 LTS:
  apache2 2.4.29-1ubuntu4.14
  apache2-bin 2.4.29-1ubuntu4.14

Ubuntu 16.04 LTS:
  apache2 2.4.18-2ubuntu3.17
  apache2-bin 2.4.18-2ubuntu3.17

In general, a standard system update will make all the necessary changes.

CVE-2020-9490

Felix Wilhelm discovered that a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request could cause a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.

CVE-2020-11984

Felix Wilhelm reported a buffer overflow flaw in the mod_proxy_uwsgi module which could result in information disclosure or potentially remote code execution.

CVE-2020-11993

Felix Wilhelm reported that when trace/debug was enabled for the HTTP/2 module certain traffic edge patterns can cause logging statements on the wrong connection, causing concurrent use of memory pools.

For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u4.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Trust: 2.7

sources: NVD: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-1927 // PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // PACKETSTORM: 158864 // PACKETSTORM: 168892

AFFECTED PRODUCTS

vendor: oracle | model: communications element manager | scope: eq | version: 8.1.1

Trust: 1.0

vendor: opensuse | model: leap | scope: eq | version: 15.1

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 32

Trust: 1.0

vendor: oracle | model: enterprise manager ops center | scope: eq | version: 12.4.0.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 16.04

Trust: 1.0

vendor: oracle | model: communications element manager | scope: eq | version: 8.2.0

Trust: 1.0

vendor: oracle | model: communications session report manager | scope: eq | version: 8.2.1

Trust: 1.0

vendor: oracle | model: communications session route manager | scope: eq | version: 8.2.1

Trust: 1.0

vendor: oracle | model: instantis enterprisetrack | scope: gte | version: 17.1

Trust: 1.0

vendor: broadcom | model: brocade fabric operating system | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: instantis enterprisetrack | scope: lte | version: 17.3

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 18.04

Trust: 1.0

vendor: oracle | model: zfs storage appliance kit | scope: eq | version: 8.8

Trust: 1.0

vendor: oracle | model: sd-wan aware | scope: eq | version: 8.2

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 31

Trust: 1.0

vendor: oracle | model: communications session report manager | scope: eq | version: 8.1.1

Trust: 1.0

vendor: oracle | model: communications element manager | scope: eq | version: 8.2.1

Trust: 1.0

vendor: oracle | model: communications session route manager | scope: eq | version: 8.1.1

Trust: 1.0

vendor: apache | model: http server | scope: lte | version: 2.4.41

Trust: 1.0

vendor: apache | model: http server | scope: gte | version: 2.4.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.0

vendor: oracle | model: communications session report manager | scope: eq | version: 8.2.0

Trust: 1.0

vendor: canonical | model: ubuntu linux | scope: eq | version: 20.04

Trust: 1.0

vendor: netapp | model: oncommand unified manager core package | scope: eq | version: -

Trust: 1.0

vendor: oracle | model: communications session route manager | scope: eq | version: 8.2.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: apache | model: http server | scope: eq | version: 2.4.0 to 2.4.41

Trust: 0.8

sources: JVNDB: JVNDB-2020-003563 // NVD: CVE-2020-1927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-1927
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-003563
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202004-060
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-1927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-1927
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-003563
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-1927
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-003563
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202004-060 // NVD: CVE-2020-1927

PROBLEMTYPE DATA

problemtype: CWE-601

Trust: 1.8

sources: JVNDB: JVNDB-2020-003563 // NVD: CVE-2020-1927

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 158864 // CNNVD: CNNVD-202004-060

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003563

PATCH

title: Fixed in Apache httpd 2.4.42 (low: mod_rewrite CWE-601 open redirect (CVE-2020-1927))
url: https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title: Apache HTTP Server Enter the fix for the verification error vulnerability
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115425

Trust: 0.6

title: Red Hat: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202263 - Security Advisory

Trust: 0.1

title: Amazon Linux AMI: ALAS-2020-1370
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1370

Trust: 0.1

title: Arch Linux Issues:
url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-1927 log

Trust: 0.1

title: Amazon Linux 2: ALAS2-2020-1427
url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1427

Trust: 0.1

title: Red Hat: Moderate: httpd security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203958 - Security Advisory

Trust: 0.1

title: Debian Security Advisories: DSA-4757-1 apache2 -- security update
url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=38cd51577d135ebf93dc6ff5a31c6ea1

Trust: 0.1

title: Red Hat: Moderate: httpd:2.4 security, bug fix, and enhancement update
url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204751 - Security Advisory

Trust: 0.1

title: Metamap
url: https://github.com/unknwncharlie/Metamap

Trust: 0.1

title: Vegeta:1 ~Vulhub Walkthrough
url: https://github.com/vaishali1998/Vegeta1-Vulhub-Walkthrough

Trust: 0.1

title: Documented commands (type help ):
url: https://github.com/Solhack/Team_CSI_platform

Trust: 0.1

title: External Penetration Testing - Holo Corporate Network - TryHackMe - Holo Network
url: https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network

Trust: 0.1

title: DC 3: Vulnhub Walkthrough
url: https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough

Trust: 0.1

title: Funbox-rookie
url: https://github.com/vaishali1998/Funbox2-rookie

Trust: 0.1

title: Tier 0 Tier 1 Tier 2
url: https://github.com/Totes5706/TotesHTB

Trust: 0.1

title: DC-2: Vulnhub Walkthrough
url: https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough

Trust: 0.1

title: Skynet
url: https://github.com/bioly230/THM_Skynet

Trust: 0.1

title: Shodan Search Script
url: https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

title: Basic-Pentesting-2
url: https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough

Trust: 0.1

title: Basic-Pentesting-2
url: https://github.com/vshaliii/Basic-Pentesting-2

Trust: 0.1

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // CNNVD: CNNVD-202004-060

EXTERNAL IDS

db: NVD | id: CVE-2020-1927

Trust: 3.0

db: OPENWALL | id: OSS-SECURITY/2020/04/03/1

Trust: 1.7

db: OPENWALL | id: OSS-SECURITY/2020/04/04/1

Trust: 1.7

db: JVNDB | id: JVNDB-2020-003563

Trust: 0.8

db: PACKETSTORM | id: 159371

Trust: 0.7

db: PACKETSTORM | id: 159879

Trust: 0.7

db: PACKETSTORM | id: 157818

Trust: 0.7

db: PACKETSTORM | id: 158864

Trust: 0.7

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT | id: ESB-2020.2988

Trust: 0.6

db: AUSCERT | id: ESB-2020.1360

Trust: 0.6

db: AUSCERT | id: ESB-2020.1437

Trust: 0.6

db: AUSCERT | id: ESB-2020.1728

Trust: 0.6

db: AUSCERT | id: ESB-2021.0319

Trust: 0.6

db: AUSCERT | id: ESB-2020.4295

Trust: 0.6

db: AUSCERT | id: ESB-2020.1847

Trust: 0.6

db: AUSCERT | id: ESB-2020.2806

Trust: 0.6

db: AUSCERT | id: ESB-2022.1832

Trust: 0.6

db: AUSCERT | id: ESB-2020.1465

Trust: 0.6

db: AUSCERT | id: ESB-2021.2348

Trust: 0.6

db: AUSCERT | id: ESB-2020.3872

Trust: 0.6

db: AUSCERT | id: ESB-2020.3373

Trust: 0.6

db: AUSCERT | id: ESB-2020.1728.2

Trust: 0.6

db: CS-HELP | id: SB2022072037

Trust: 0.6

db: CS-HELP | id: SB2021042307

Trust: 0.6

db: NSFOCUS | id: 48052

Trust: 0.6

db: CNNVD | id: CNNVD-202004-060

Trust: 0.6

db: VULMON | id: CVE-2020-1927

Trust: 0.1

db: PACKETSTORM | id: 168892

Trust: 0.1

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // PACKETSTORM: 158864 // PACKETSTORM: 168892 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202004-060 // NVD: CVE-2020-1927

REFERENCES

url:https://www.oracle.com/security-alerts/cpuapr2021.html

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2020-1927

Trust: 1.9

url:http://www.openwall.com/lists/oss-security/2020/04/03/1

Trust: 1.7

url:http://www.openwall.com/lists/oss-security/2020/04/04/1

Trust: 1.7

url:https://security.netapp.com/advisory/ntap-20200413-0002/

Trust: 1.7

url:http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2020.html

Trust: 1.7

url:https://usn.ubuntu.com/4458-1/

Trust: 1.7

url:https://www.debian.org/security/2020/dsa-4757

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpujul2022.html

Trust: 1.7

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3cdev.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3cdev.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hyvye2zerfxdv6rmkk3i5sdsdqlpseiq/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a2rn46prbje7e7opd4yzx5svwv5qkgv5/

Trust: 1.1

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1927

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3cdev.

Trust: 0.6

url:https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7@%3ccvs.

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hyvye2zerfxdv6rmkk3i5sdsdqlpseiq/

Trust: 0.6

url:https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84@%3ccvs.

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a2rn46prbje7e7opd4yzx5svwv5qkgv5/

Trust: 0.6

url:httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.6

url:https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3cdev.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3ccvs.

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022072037

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1437/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-cve-2020-1927-and-cve-2020-1934-in-apache-http-server-affect-ibm-i/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-5/

Trust: 0.6

url:https://packetstormsecurity.com/files/159371/red-hat-security-advisory-2020-3958-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0319/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2988/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1728/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1360/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1847/

Trust: 0.6

url:https://packetstormsecurity.com/files/159879/red-hat-security-advisory-2020-4751-01.html

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3373/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1465/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.3872/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.4295/

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-http-server-used-by-websphere-application-server/

Trust: 0.6

url:https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-019.pdf

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2348

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.1728.2/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021042307

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-http-cve-2019-10098-and-cve-2020-1927/

Trust: 0.6

url:https://vigilance.fr/vulnerability/apache-httpd-mod-rewrite-open-redirect-31923

Trust: 0.6

url:https://packetstormsecurity.com/files/158864/ubuntu-security-notice-usn-4458-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.2806/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/48052

Trust: 0.6

url:https://packetstormsecurity.com/files/157818/red-hat-security-advisory-2020-2263-01.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.1832

Trust: 0.6

url:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-http-server-vulnerabilities-3/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-1934

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://www.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2020-1927

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2019-10098

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2019-10098

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2020:2263

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-1934

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11993

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-11984

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-9490

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/601.html

Trust: 0.1

url:https://github.com/unknwncharlie/metamap

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://alas.aws.amazon.com/alas-2020-1370.html

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2017-15715

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:3958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1283

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1303

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-1303

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-1283

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2017-15715

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10097

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0197

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-17189

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10082

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10092

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10097

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10092

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0197

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2018-17189

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10081

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-10082

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2020:4751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-10081

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2019-0196

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-0196

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.17

Trust: 0.1

url:https://usn.ubuntu.com/4458-1

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache2

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // PACKETSTORM: 158864 // PACKETSTORM: 168892 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202004-060 // NVD: CVE-2020-1927

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // CNNVD: CNNVD-202004-060

SOURCES

db:VULMON id:CVE-2020-1927
db:JVNDB id:JVNDB-2020-003563
db:PACKETSTORM id:159371
db:PACKETSTORM id:159879
db:PACKETSTORM id:157818
db:PACKETSTORM id:158864
db:PACKETSTORM id:168892
db:CNNVD id:CNNVD-202104-975
db:CNNVD id:CNNVD-202004-060
db:NVD id:CVE-2020-1927

LAST UPDATE DATE

2024-08-14T12:57:49.134000+00:00


SOURCES UPDATE DATE

db:VULMON id:CVE-2020-1927 date:2023-11-07T00:00:00
db:JVNDB id:JVNDB-2020-003563 date:2020-04-20T00:00:00
db:CNNVD id:CNNVD-202104-975 date:2021-04-14T00:00:00
db:CNNVD id:CNNVD-202004-060 date:2022-07-26T00:00:00
db:NVD id:CVE-2020-1927 date:2023-11-07T03:19:36.047

SOURCES RELEASE DATE

db:VULMON id:CVE-2020-1927 date:2020-04-02T00:00:00
db:JVNDB id:JVNDB-2020-003563 date:2020-04-20T00:00:00
db:PACKETSTORM id:159371 date:2020-09-30T15:46:52
db:PACKETSTORM id:159879 date:2020-11-04T15:33:20
db:PACKETSTORM id:157818 date:2020-05-26T14:42:04
db:PACKETSTORM id:158864 date:2020-08-13T16:53:22
db:PACKETSTORM id:168892 date:2020-08-31T12:12:00
db:CNNVD id:CNNVD-202104-975 date:2021-04-13T00:00:00
db:CNNVD id:CNNVD-202004-060 date:2020-04-01T00:00:00
db:NVD id:CVE-2020-1927 date:2020-04-02T00:15:13.347