Details of VAR-202004-0999

ID

VAR-202004-0999

CVE

CVE-2020-1927

TITLE

Apache HTTP Server Request in URL Unexpected in URL Vulnerability redirected to

Trust: 0.8

sources: JVNDB: JVNDB-2020-003563

DESCRIPTION

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. 7) - x86_64 3. 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. The following packages have been upgraded to a later upstream version: mod_http2 (1.15.7). -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update Advisory ID: RHSA-2020:2263-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2020:2263 Issue date: 2020-05-26 CVE Names: CVE-2019-10098 CVE-2020-1927 ==================================================================== 1. Summary: An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Description: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_rewrite configurations vulnerable to open redirect (CVE-2020-1927) * httpd: mod_rewrite potential open redirect (CVE-2019-10098) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Software Collections 3.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1743959 - CVE-2019-10098 httpd: mod_rewrite potential open redirect 1820761 - CVE-2020-1927 httpd: mod_rewrite configurations vulnerable to open redirect 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6): Source: httpd24-httpd-2.4.34-18.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-18.el6.noarch.rpm x86_64: httpd24-httpd-2.4.34-18.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm httpd24-mod_session-2.4.34-18.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6): Source: httpd24-httpd-2.4.34-18.el6.src.rpm noarch: httpd24-httpd-manual-2.4.34-18.el6.noarch.rpm x86_64: httpd24-httpd-2.4.34-18.el6.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el6.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el6.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el6.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el6.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el6.x86_64.rpm httpd24-mod_session-2.4.34-18.el6.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el6.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm aarch64: httpd24-httpd-2.4.34-18.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm httpd24-mod_md-2.0.8-1.el7.aarch64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm httpd24-mod_session-2.4.34-18.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm aarch64: httpd24-httpd-2.4.34-18.el7.aarch64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.aarch64.rpm httpd24-httpd-devel-2.4.34-18.el7.aarch64.rpm httpd24-httpd-tools-2.4.34-18.el7.aarch64.rpm httpd24-mod_ldap-2.4.34-18.el7.aarch64.rpm httpd24-mod_md-2.0.8-1.el7.aarch64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.aarch64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.aarch64.rpm httpd24-mod_session-2.4.34-18.el7.aarch64.rpm httpd24-mod_ssl-2.4.34-18.el7.aarch64.rpm noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6): Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.7): Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm ppc64le: httpd24-httpd-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-devel-2.4.34-18.el7.ppc64le.rpm httpd24-httpd-tools-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ldap-2.4.34-18.el7.ppc64le.rpm httpd24-mod_md-2.0.8-1.el7.ppc64le.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-18.el7.ppc64le.rpm httpd24-mod_session-2.4.34-18.el7.ppc64le.rpm httpd24-mod_ssl-2.4.34-18.el7.ppc64le.rpm s390x: httpd24-httpd-2.4.34-18.el7.s390x.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.s390x.rpm httpd24-httpd-devel-2.4.34-18.el7.s390x.rpm httpd24-httpd-tools-2.4.34-18.el7.s390x.rpm httpd24-mod_ldap-2.4.34-18.el7.s390x.rpm httpd24-mod_md-2.0.8-1.el7.s390x.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.s390x.rpm httpd24-mod_proxy_html-2.4.34-18.el7.s390x.rpm httpd24-mod_session-2.4.34-18.el7.s390x.rpm httpd24-mod_ssl-2.4.34-18.el7.s390x.rpm x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.34-18.el7.src.rpm httpd24-mod_md-2.0.8-1.el7.src.rpm noarch: httpd24-httpd-manual-2.4.34-18.el7.noarch.rpm x86_64: httpd24-httpd-2.4.34-18.el7.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-18.el7.x86_64.rpm httpd24-httpd-devel-2.4.34-18.el7.x86_64.rpm httpd24-httpd-tools-2.4.34-18.el7.x86_64.rpm httpd24-mod_ldap-2.4.34-18.el7.x86_64.rpm httpd24-mod_md-2.0.8-1.el7.x86_64.rpm httpd24-mod_md-debuginfo-2.0.8-1.el7.x86_64.rpm httpd24-mod_proxy_html-2.4.34-18.el7.x86_64.rpm httpd24-mod_session-2.4.34-18.el7.x86_64.rpm httpd24-mod_ssl-2.4.34-18.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2019-10098 https://access.redhat.com/security/cve/CVE-2020-1927 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBXszbC9zjgjWX9erEAQhADg/+MXJE58l81OZKPv+q7IVqDJyn5WBSzHQx FSMgRLz22MHVDmLbDUhOKDvQ2LjECJYX3Z2K9dLouAFowXC6iE/jYSCv/1hKf1k6 aYhZSP/teN0dwPbt9L7yrb9sdmHndL76PlGCWB5xSJQ2bBeMAwUBNGfc+DsVHxGd IlvX3c5JhzOwdCUWBXOLijNyNm84Wu9kq2HyPWtSpZhiPYrJYfHNSkINC4emP3HZ oxR6JjZbBBlVv+goOjjWCzcs5mWPqFawTs/j8PRZAeGYIVNYZGJWuItNQtlIKV7I k3t7CzMhTe2YzLYpeznrJR35QLSmQCyVwMMqIBfhsuUYN1PT7CVZym75p9dkv9E4 aBRiws/GTTJTJKPNYaJHEjAjcx0fr2SvnEU2XwtJ7kBsdqNeH6E84kpVw+ZXUx5W 1VdVLxByCf9uiqDMZpi90u24ug5Qkn3U0GpQaAi0b5pnQijMTpcyTSuyqx4Vi4uH 3rXD9VhX6iW7cVX0TELegnldFFnIqnn1OtLxuE8OuT1942+W/uPjXe9pdvRMHeuX 9dPpOpqDM4ksta3rJtr0vfR2NsoOPe0otmtB0fjIPtmEMx2Icv7mNoSz2elg6aIZ 35f1T/yTMTrAQU3GeyAJVHTc0IlV9pwyJiezD9DifAFOVL1qjwQF1gXRff8gdyTi 5Ut1HUEbrIM=rq6/ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4458-1 August 13, 2020 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. Software Description: - apache2: Apache HTTP server Details: Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927) Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934) Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490) Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984) Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.1 apache2-bin 2.4.41-4ubuntu3.1 libapache2-mod-proxy-uwsgi 2.4.41-4ubuntu3.1 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.14 apache2-bin 2.4.29-1ubuntu4.14 Ubuntu 16.04 LTS: apache2 2.4.18-2ubuntu3.17 apache2-bin 2.4.18-2ubuntu3.17 In general, a standard system update will make all the necessary changes. CVE-2020-9490 Felix Wilhelm discovered that a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request could cause a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. CVE-2020-11984 Felix Wilhelm reported a buffer overflow flaw in the mod_proxy_uwsgi module which could result in information disclosure or potentially remote code execution. CVE-2020-11993 Felix Wilhelm reported that when trace/debug was enabled for the HTTP/2 module certain traffic edge patterns can cause logging statements on the wrong connection, causing concurrent use of memory pools. For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u4. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl9NEuNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0R5YQ/+JLGtVDLCq/TPAtxgqhE/QlE7+ptoFGXxY7+kScNZx2LCKpoXxrFmpfO/ HyjeGZgVlmggPyrvFu57NXbnPP4YnzgiRONuhLeoXq496zpz/sQjhNkKQkjs5Xdf lfChNfMRblTeSKSHpEBlXyxx56CPa45BDFRI4jSbuhUJjl58SF7mfgJ9n0mVuWR/ DGo0snCU3+wOS6Ce7WQbh8Y8kSCZMt/KVgCNOFbM4IaKTgohLHNrqF1kmW7Ccq1/ OpY/P2GbHoKN9h9qRhfp8b+OUdbmg+57WRejkF2FX9XWLfGjnAbmW7TX5MquoK1N xruYtvwIvqRvsidOPG9BPf1OD5WZwIKsFnGKc2yEXmjVe7RY4driNSyU6DRJN/a2 n958CVuEI7L/GTleIU/0MYX5SH98B8oCH4ojqXzDdjbjJXtq1nYe/X9tEIrYgHds iB1oMwKE9Rwu4RDkHLX/uiJ8rJPkvc0d7JpA6vKzBK+CQLnFSWhg7N+fTNja/PJW PeJsTPv8iHB3SvccHmhIxj7tSW41Ta5YDUUY2oIj746OqjV1gBeSM3j2JK1gYVSF IZ1foL9qGLsQabI61llV+MxmKL3seiBfUF20yIeRcstqFcY/R0rxrIQl+bbAQOnX Q09LQHxUzjS5MwXcrsfReCqQbrItqwbrU2Gs/kvN73CrM7ZX4ag= =PNO5 -----END PGP SIGNATURE-----

Trust: 2.7

sources: NVD: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2020-1927 // PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // PACKETSTORM: 158864 // PACKETSTORM: 168892

AFFECTED PRODUCTS

vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	opensuse	model:	leap	scope:	eq	version:	15.1	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	16.04	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	gte	version:	17.1	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	lte	version:	17.3	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	18.04	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	sd-wan aware	scope:	eq	version:	8.2	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	31	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	oracle	model:	communications element manager	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.1.1	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.41	Trust: 1.0
vendor:	apache	model:	http server	scope:	gte	version:	2.4.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	communications session report manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	canonical	model:	ubuntu linux	scope:	eq	version:	20.04	Trust: 1.0
vendor:	netapp	model:	oncommand unified manager core package	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications session route manager	scope:	eq	version:	8.2.0	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	apache	model:	http server	scope:	eq	version:	2.4.0 から 2.4.41	Trust: 0.8

sources: JVNDB: JVNDB-2020-003563 // NVD: CVE-2020-1927

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2020-1927
value:	MEDIUM
Trust: 1.0
NVD:	JVNDB-2020-003563
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202004-060
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2020-1927
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2020-1927
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	JVNDB-2020-003563
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2020-1927
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2020-003563
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202004-060 // NVD: CVE-2020-1927

PROBLEMTYPE DATA

problemtype:

CWE-601

Trust: 1.8

sources: JVNDB: JVNDB-2020-003563 // NVD: CVE-2020-1927

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 158864 // CNNVD: CNNVD-202004-060

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-003563

PATCH

title:	Fixed in Apache httpd 2.4.42 (low: mod_rewrite CWE-601 open redirect (CVE-2020-1927))	url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.8
title:	Apache HTTP Server Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=115425	Trust: 0.6
title:	Red Hat: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20202263 - Security Advisory	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2020-1370	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2020-1370	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-1927 log	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2020-1427	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2020-1427	Trust: 0.1
title:	Red Hat: Moderate: httpd security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20203958 - Security Advisory	Trust: 0.1
title:	Debian Security Advisories: DSA-4757-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=38cd51577d135ebf93dc6ff5a31c6ea1	Trust: 0.1
title:	Red Hat: Moderate: httpd:2.4 security, bug fix, and enhancement update	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20204751 - Security Advisory	Trust: 0.1
title:	Metamap	url:	https://github.com/unknwncharlie/Metamap	Trust: 0.1
title:	Vegeta:1 ~Vulhub Walkthrough	url:	https://github.com/vaishali1998/Vegeta1-Vulhub-Walkthrough	Trust: 0.1
title:	Documented commands (type help ):	url:	https://github.com/Solhack/Team_CSI_platform	Trust: 0.1
title:	External Penetration Testing - Holo Corporate Network - TryHackMe - Holo Network	url:	https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network	Trust: 0.1
title:	DC 3: Vulnhub Walkthrough	url:	https://github.com/vshaliii/DC-3-Vulnhub-Walkthrough	Trust: 0.1
title:	Funbox-rookie	url:	https://github.com/vaishali1998/Funbox2-rookie	Trust: 0.1
title:	Tier 0 Tier 1 Tier 2	url:	https://github.com/Totes5706/TotesHTB	Trust: 0.1
title:	DC-2: Vulnhub Walkthrough	url:	https://github.com/vshaliii/DC-2-Vulnhub-Walkthrough	Trust: 0.1
title:	Skynet	url:	https://github.com/bioly230/THM_Skynet	Trust: 0.1
title:	Shodan Search Script	url:	https://github.com/firatesatoglu/shodanSearch	Trust: 0.1
title:	Basic-Pentesting-2	url:	https://github.com/vshaliii/Basic-Pentesting-2-Vulnhub-Walkthrough	Trust: 0.1
title:	Basic-Pentesting-2	url:	https://github.com/vshaliii/Basic-Pentesting-2	Trust: 0.1

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // CNNVD: CNNVD-202004-060

EXTERNAL IDS

db:	NVD	id:	CVE-2020-1927	Trust: 3.0
db:	OPENWALL	id:	OSS-SECURITY/2020/04/03/1	Trust: 1.7
db:	OPENWALL	id:	OSS-SECURITY/2020/04/04/1	Trust: 1.7
db:	JVNDB	id:	JVNDB-2020-003563	Trust: 0.8
db:	PACKETSTORM	id:	159371	Trust: 0.7
db:	PACKETSTORM	id:	159879	Trust: 0.7
db:	PACKETSTORM	id:	157818	Trust: 0.7
db:	PACKETSTORM	id:	158864	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2988	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1360	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1437	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1728	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.0319	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.4295	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1847	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.2806	Trust: 0.6
db:	AUSCERT	id:	ESB-2022.1832	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1465	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2348	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3872	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.3373	Trust: 0.6
db:	AUSCERT	id:	ESB-2020.1728.2	Trust: 0.6
db:	CS-HELP	id:	SB2022072037	Trust: 0.6
db:	CS-HELP	id:	SB2021042307	Trust: 0.6
db:	NSFOCUS	id:	48052	Trust: 0.6
db:	CNNVD	id:	CNNVD-202004-060	Trust: 0.6
db:	VULMON	id:	CVE-2020-1927	Trust: 0.1
db:	PACKETSTORM	id:	168892	Trust: 0.1

sources: VULMON: CVE-2020-1927 // JVNDB: JVNDB-2020-003563 // PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // PACKETSTORM: 158864 // PACKETSTORM: 168892 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202004-060 // NVD: CVE-2020-1927

REFERENCES

url:	https://www.oracle.com/security-alerts/cpuapr2021.html	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1927	Trust: 1.9
url:	http://www.openwall.com/lists/oss-security/2020/04/03/1	Trust: 1.7
url:	http://www.openwall.com/lists/oss-security/2020/04/04/1	Trust: 1.7
url:	https://security.netapp.com/advisory/ntap-20200413-0002/	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2020.html	Trust: 1.7
url:	https://usn.ubuntu.com/4458-1/	Trust: 1.7
url:	https://www.debian.org/security/2020/dsa-4757	Trust: 1.7
url:	https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html	Trust: 1.7
url:	https://www.oracle.com/security-alerts/cpujul2022.html	Trust: 1.7
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.1
url:	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3cdev.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3cdev.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/hyvye2zerfxdv6rmkk3i5sdsdqlpseiq/	Trust: 1.1
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/a2rn46prbje7e7opd4yzx5svwv5qkgv5/	Trust: 1.1
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3ccvs.httpd.apache.org%3e	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-1927	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	httpd.apache.org%3e	Trust: 0.6
url:	https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3cdev.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7@%3ccvs.	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/hyvye2zerfxdv6rmkk3i5sdsdqlpseiq/	Trust: 0.6
url:	https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84@%3ccvs.	Trust: 0.6
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/a2rn46prbje7e7opd4yzx5svwv5qkgv5/	Trust: 0.6
url:	httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.6
url:	https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3cdev.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.	Trust: 0.6
url:	https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775@%3ccvs.	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022072037	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1437/	Trust: 0.6
url:	http-server-affect-ibm-i/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-cve-2020-1927-and-cve-2020-1934-in-apache-	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-qradar-siem-is-vulnerable-to-using-components-with-known-vulnerabilities-5/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159371/red-hat-security-advisory-2020-3958-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.0319/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2988/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1728/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1360/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1847/	Trust: 0.6
url:	https://packetstormsecurity.com/files/159879/red-hat-security-advisory-2020-4751-01.html	Trust: 0.6
url:	http-server-and-ibm-websphere-application-server-used-in-ibm-websphere-application-server-in-ibm-cloud/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-the-ibm-	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3373/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1465/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3872/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.4295/	Trust: 0.6
url:	http-server-used-by-websphere-application-server/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-in-ibm-	Trust: 0.6
url:	https://media.cert.europa.eu/static/securityadvisories/2020/cert-eu-sa2020-019.pdf	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2348	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.1728.2/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042307	Trust: 0.6
url:	http-cve-2019-10098-and-cve-2020-1927/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-apache-	Trust: 0.6
url:	httpd-mod-rewrite-open-redirect-31923	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apache-	Trust: 0.6
url:	https://packetstormsecurity.com/files/158864/ubuntu-security-notice-usn-4458-1.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.2806/	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/48052	Trust: 0.6
url:	https://packetstormsecurity.com/files/157818/red-hat-security-advisory-2020-2263-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.1832	Trust: 0.6
url:	http-server-vulnerabilities-3/	Trust: 0.6
url:	https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-siteprotector-system-is-affected-by-apache-	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1934	Trust: 0.4
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2020-1927	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2019-10098	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10098	Trust: 0.3
url:	https://access.redhat.com/errata/rhsa-2020:2263	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2020-1934	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11993	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-11984	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-9490	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/601.html	Trust: 0.1
url:	https://github.com/unknwncharlie/metamap	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://alas.aws.amazon.com/alas-2020-1370.html	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-15715	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3958	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1283	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1303	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1303	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-1283	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-15715	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10097	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.3_release_notes/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0197	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17189	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10082	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10092	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10097	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10092	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0197	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-17189	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10081	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-10082	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:4751	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-10081	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-0196	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-0196	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_software_collections/3/html/3.5_release_notes/	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.14	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.18-2ubuntu3.17	Trust: 0.1
url:	https://usn.ubuntu.com/4458-1	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache2	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1

CREDITS

Red Hat

Trust: 0.9

sources: PACKETSTORM: 159371 // PACKETSTORM: 159879 // PACKETSTORM: 157818 // CNNVD: CNNVD-202004-060

SOURCES

db:	VULMON	id:	CVE-2020-1927
db:	JVNDB	id:	JVNDB-2020-003563
db:	PACKETSTORM	id:	159371
db:	PACKETSTORM	id:	159879
db:	PACKETSTORM	id:	157818
db:	PACKETSTORM	id:	158864
db:	PACKETSTORM	id:	168892
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202004-060
db:	NVD	id:	CVE-2020-1927

LAST UPDATE DATE

2024-08-14T12:57:49.134000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2020-1927	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2020-003563	date:	2020-04-20T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202004-060	date:	2022-07-26T00:00:00
db:	NVD	id:	CVE-2020-1927	date:	2023-11-07T03:19:36.047

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2020-1927	date:	2020-04-02T00:00:00
db:	JVNDB	id:	JVNDB-2020-003563	date:	2020-04-20T00:00:00
db:	PACKETSTORM	id:	159371	date:	2020-09-30T15:46:52
db:	PACKETSTORM	id:	159879	date:	2020-11-04T15:33:20
db:	PACKETSTORM	id:	157818	date:	2020-05-26T14:42:04
db:	PACKETSTORM	id:	158864	date:	2020-08-13T16:53:22
db:	PACKETSTORM	id:	168892	date:	2020-08-31T12:12:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202004-060	date:	2020-04-01T00:00:00
db:	NVD	id:	CVE-2020-1927	date:	2020-04-02T00:15:13.347