ID

VAR-202106-1876


CVE

CVE-2020-35452


TITLE

Stack Overflow Vulnerability in mod_auth_digest of Apache HTTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2020-016879

DESCRIPTION

In Apache HTTP Server versions 2.4.0 to 2.4.46, a specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor could the Apache HTTP Server team create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow. Apache HTTP Server is an open source web server of the Apache Foundation. The server is fast, reliable and can be expanded through simple APIs. Attackers can use this vulnerability to trigger remote code execution or denial of service attacks.

==========================================================================
Ubuntu Security Notice USN-4994-1
June 21, 2021

apache2 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 21.04
- Ubuntu 20.10
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Apache HTTP Server.

Software Description:
- apache2: Apache HTTP server

Details:

Marc Stern discovered that the Apache mod_proxy_http module incorrectly handled certain requests. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. (CVE-2020-13950)

Antonio Morales discovered that the Apache mod_auth_digest module incorrectly handled certain Digest nonces. (CVE-2020-35452)

Antonio Morales discovered that the Apache mod_session module incorrectly handled certain Cookie headers. (CVE-2021-26690)

Christophe Jaillet discovered that the Apache mod_session module incorrectly handled certain SessionHeader values. (CVE-2021-26691)

Christoph Anton Mitterer discovered that the new MergeSlashes configuration option resulted in unexpected behaviour in certain situations. (CVE-2021-30641)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 21.04:
  apache2 2.4.46-4ubuntu1.1
  apache2-bin 2.4.46-4ubuntu1.1

Ubuntu 20.10:
  apache2 2.4.46-1ubuntu1.2
  apache2-bin 2.4.46-1ubuntu1.2

Ubuntu 20.04 LTS:
  apache2 2.4.41-4ubuntu3.3
  apache2-bin 2.4.41-4ubuntu3.3

Ubuntu 18.04 LTS:
  apache2 2.4.29-1ubuntu4.16
  apache2-bin 2.4.29-1ubuntu4.16

In general, a standard system update will make all the necessary changes.

Gentoo Linux Security Advisory GLSA 202107-38
https://security.gentoo.org/

Severity: Low
Title: Apache: Multiple vulnerabilities
Date: July 17, 2021
Bugs: #795231
ID: 202107-38

Synopsis
========

Multiple vulnerabilities have been found in Apache, the worst of which could result in a Denial of Service condition.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
      1  www-servers/apache         < 2.4.48                  >= 2.4.48

Description
===========

Multiple vulnerabilities have been discovered in Apache. Please review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Apache users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.48"

References
==========

[ 1 ] CVE-2019-17567
      https://nvd.nist.gov/vuln/detail/CVE-2019-17567
[ 2 ] CVE-2020-13950
      https://nvd.nist.gov/vuln/detail/CVE-2020-13950
[ 3 ] CVE-2020-35452
      https://nvd.nist.gov/vuln/detail/CVE-2020-35452
[ 4 ] CVE-2021-26690
      https://nvd.nist.gov/vuln/detail/CVE-2021-26690
[ 5 ] CVE-2021-26691
      https://nvd.nist.gov/vuln/detail/CVE-2021-26691
[ 6 ] CVE-2021-30641
      https://nvd.nist.gov/vuln/detail/CVE-2021-30641
[ 7 ] CVE-2021-31618
      https://nvd.nist.gov/vuln/detail/CVE-2021-31618

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202107-38

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2021 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

=====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP10 security update
Advisory ID:       RHSA-2021:4613-01
Product:           Red Hat JBoss Core Services
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:4613
Issue date:        2021-11-10
CVE Names:         CVE-2019-17567 CVE-2019-20838 CVE-2020-13950
                   CVE-2020-14155 CVE-2020-35452 CVE-2021-3712
                   CVE-2021-23840 CVE-2021-23841 CVE-2021-26690
                   CVE-2021-26691 CVE-2021-30641
=====================================================================

1. Summary:

Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10 zip release for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, and Microsoft Windows is available.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Description:

Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.

This release adds the new Apache HTTP Server 2.4.37 Service Pack 10 packages that are part of the JBoss Core Services offering.

This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 9 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.

Security Fix(es):

* httpd: Single zero byte stack overflow in mod_auth_digest (CVE-2020-35452)
* httpd: mod_session NULL pointer dereference in parser (CVE-2021-26690)
* httpd: Heap overflow in mod_session (CVE-2021-26691)
* httpd: mod_proxy_wstunnel tunneling of non Upgraded connection (CVE-2019-17567)
* httpd: MergeSlashes regression (CVE-2021-30641)
* httpd: mod_proxy NULL pointer dereference (CVE-2020-13950)
* jbcs-httpd24-openssl: openssl: NULL pointer dereference in X509_issuer_and_serial_hash() (CVE-2021-23841)
* openssl: Read buffer overruns processing ASN.1 strings (CVE-2021-3712)
* openssl: integer overflow in CipherUpdate (CVE-2021-23840)
* pcre: buffer over-read in JIT when UTF is disabled (CVE-2019-20838)
* pcre: integer overflow in libpcre (CVE-2020-14155)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

3. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

The References section of this erratum contains a download link for the update. You must be logged in to download the update.

4. Bugs fixed (https://bugzilla.redhat.com/):

1848436 - CVE-2020-14155 pcre: Integer overflow when parsing callout numeric arguments
1848444 - CVE-2019-20838 pcre: Buffer over-read in JIT when UTF is disabled and \X or \R has fixed quantifier greater than 1
1930310 - CVE-2021-23841 openssl: NULL pointer dereference in X509_issuer_and_serial_hash()
1930324 - CVE-2021-23840 openssl: integer overflow in CipherUpdate
1966724 - CVE-2020-35452 httpd: Single zero byte stack overflow in mod_auth_digest
1966729 - CVE-2021-26690 httpd: mod_session: NULL pointer dereference when parsing Cookie header
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value
1966738 - CVE-2020-13950 httpd: mod_proxy NULL pointer dereference
1966740 - CVE-2019-17567 httpd: mod_proxy_wstunnel tunneling of non Upgraded connection
1966743 - CVE-2021-30641 httpd: Unexpected URL matching with 'MergeSlashes OFF'
1995634 - CVE-2021-3712 openssl: Read buffer overruns processing ASN.1 strings

5. References:

https://access.redhat.com/security/cve/CVE-2019-17567
https://access.redhat.com/security/cve/CVE-2019-20838
https://access.redhat.com/security/cve/CVE-2020-13950
https://access.redhat.com/security/cve/CVE-2020-14155
https://access.redhat.com/security/cve/CVE-2020-35452
https://access.redhat.com/security/cve/CVE-2021-3712
https://access.redhat.com/security/cve/CVE-2021-23840
https://access.redhat.com/security/cve/CVE-2021-23841
https://access.redhat.com/security/cve/CVE-2021-26690
https://access.redhat.com/security/cve/CVE-2021-26691
https://access.redhat.com/security/cve/CVE-2021-30641
https://access.redhat.com/security/updates/classification/#moderate

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For the stable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u5.

We recommend that you upgrade your apache2 packages.

For the detailed security status of apache2 please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/apache2

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the updated packages, the httpd daemon will be restarted automatically. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

Trust: 2.88

sources: NVD: CVE-2020-35452 // JVNDB: JVNDB-2020-016879 // CNVD: CNVD-2021-70102 // VULMON: CVE-2020-35452 // PACKETSTORM: 163227 // PACKETSTORM: 163231 // PACKETSTORM: 163530 // PACKETSTORM: 164928 // PACKETSTORM: 164927 // PACKETSTORM: 169090 // PACKETSTORM: 167073

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-70102

AFFECTED PRODUCTS

vendor: apache | model: http server | scope: - | version: -

Trust: 1.4

vendor: oracle | model: instantis enterprisetrack | scope: eq | version: 17.2

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 34

Trust: 1.0

vendor: oracle | model: instantis enterprisetrack | scope: eq | version: 17.3

Trust: 1.0

vendor: oracle | model: enterprise manager ops center | scope: eq | version: 12.4.0.0

Trust: 1.0

vendor: oracle | model: instantis enterprisetrack | scope: eq | version: 17.1

Trust: 1.0

vendor: oracle | model: zfs storage appliance kit | scope: eq | version: 8.8

Trust: 1.0

vendor: apache | model: http server | scope: lte | version: 2.4.46

Trust: 1.0

vendor: apache | model: http server | scope: gte | version: 2.4.0

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 10.0

Trust: 1.0

vendor: fedoraproject | model: fedora | scope: eq | version: 35

Trust: 1.0

vendor: debian | model: linux | scope: eq | version: 9.0

Trust: 1.0

vendor: Oracle | model: zfs storage appliance kit | scope: - | version: -

Trust: 0.8

vendor: fedora | model: fedora | scope: - | version: -

Trust: 0.8

vendor: Oracle | model: oracle enterprise manager ops center | scope: - | version: -

Trust: 0.8

vendor: debian | model: gnu/linux | scope: - | version: -

Trust: 0.8

vendor: Oracle | model: instantis enterprisetrack | scope: - | version: -

Trust: 0.8

sources: CNVD: CNVD-2021-70102 // JVNDB: JVNDB-2020-016879 // NVD: CVE-2020-35452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-35452
value: HIGH

Trust: 1.0

NVD: CVE-2020-35452
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-70102
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202106-150
value: HIGH

Trust: 0.6

VULMON: CVE-2020-35452
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-35452
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2021-70102
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2020-35452
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 3.9
impactScore: 3.4
version: 3.1

Trust: 1.0

NVD: CVE-2020-35452
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-70102 // VULMON: CVE-2020-35452 // JVNDB: JVNDB-2020-016879 // CNNVD: CNNVD-202106-150 // NVD: CVE-2020-35452

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.0

problemtype:Out-of-bounds write (CWE-787) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-016879 // NVD: CVE-2020-35452

THREAT TYPE

remote

Trust: 0.8

sources: PACKETSTORM: 163227 // PACKETSTORM: 163231 // CNNVD: CNNVD-202106-150

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202106-150

PATCH

title: Oracle Critical Patch Update Advisory - October 2021 | url: http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title: Patch for Apache HTTP Server stack overflow vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/290416

Trust: 0.6

title: Apache HTTP Server Buffer error vulnerability fix | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155204

Trust: 0.6

title: Red Hat: Moderate: httpd:2.4 security and bug fix update | url: https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20221915 - Security Advisory

Trust: 0.1

title: Arch Linux Issues: | url: https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2020-35452 log

Trust: 0.1

title: Debian Security Advisories: DSA-4937-1 apache2 -- security update | url: https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=09601b67947dc3a4a0ebcea7ceece30e

Trust: 0.1

title: Amazon Linux AMI: ALAS-2021-1514 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1514

Trust: 0.1

title: Amazon Linux 2: ALAS2-2021-1674 | url: https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1674

Trust: 0.1

title: PROJET TUTEURE | url: https://github.com/PierreChrd/py-projet-tut

Trust: 0.1

title: External Penetration Testing - Holo Corporate Network - TryHackMe - Holo Network | url: https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network

Trust: 0.1

title: Tier 0 Tier 1 Tier 2 | url: https://github.com/Totes5706/TotesHTB

Trust: 0.1

title: Skynet | url: https://github.com/bioly230/THM_Skynet

Trust: 0.1

title: Shodan Search Script | url: https://github.com/firatesatoglu/shodanSearch

Trust: 0.1

sources: CNVD: CNVD-2021-70102 // VULMON: CVE-2020-35452 // JVNDB: JVNDB-2020-016879 // CNNVD: CNNVD-202106-150

EXTERNAL IDS

db: NVD | id: CVE-2020-35452

Trust: 4.6

db: OPENWALL | id: OSS-SECURITY/2021/06/10/5

Trust: 2.5

db: JVN | id: JVNVU96037838

Trust: 0.8

db: JVNDB | id: JVNDB-2020-016879

Trust: 0.8

db: PACKETSTORM | id: 163227

Trust: 0.7

db: PACKETSTORM | id: 163530

Trust: 0.7

db: PACKETSTORM | id: 164927

Trust: 0.7

db: PACKETSTORM | id: 167073

Trust: 0.7

db: CNVD | id: CNVD-2021-70102

Trust: 0.6

db: CS-HELP | id: SB2021060713

Trust: 0.6

db: CS-HELP | id: SB2021111102

Trust: 0.6

db: CS-HELP | id: SB2021071702

Trust: 0.6

db: CS-HELP | id: SB2021060321

Trust: 0.6

db: CS-HELP | id: SB2021071308

Trust: 0.6

db: CS-HELP | id: SB2021071201

Trust: 0.6

db: CS-HELP | id: SB2022051150

Trust: 0.6

db: AUSCERT | id: ESB-2021.2229

Trust: 0.6

db: AUSCERT | id: ESB-2021.3846

Trust: 0.6

db: AUSCERT | id: ESB-2021.2341

Trust: 0.6

db: AUSCERT | id: ESB-2021.2097

Trust: 0.6

db: AUSCERT | id: ESB-2021.2153

Trust: 0.6

db: AUSCERT | id: ESB-2021.2348

Trust: 0.6

db: CNNVD | id: CNNVD-202106-150

Trust: 0.6

db: VULMON | id: CVE-2020-35452

Trust: 0.1

db: PACKETSTORM | id: 163231

Trust: 0.1

db: PACKETSTORM | id: 164928

Trust: 0.1

db: PACKETSTORM | id: 169090

Trust: 0.1

sources: CNVD: CNVD-2021-70102 // VULMON: CVE-2020-35452 // JVNDB: JVNDB-2020-016879 // PACKETSTORM: 163227 // PACKETSTORM: 163231 // PACKETSTORM: 163530 // PACKETSTORM: 164928 // PACKETSTORM: 164927 // PACKETSTORM: 169090 // PACKETSTORM: 167073 // CNNVD: CNNVD-202106-150 // NVD: CVE-2020-35452

REFERENCES

url:http://www.openwall.com/lists/oss-security/2021/06/10/5

Trust: 2.5

url:https://security.gentoo.org/glsa/202107-38

Trust: 1.8

url:https://security.netapp.com/advisory/ntap-20210702-0001/

Trust: 1.7

url:https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Trust: 1.7

url:https://www.debian.org/security/2021/dsa-4937

Trust: 1.7

url:https://www.oracle.com/security-alerts/cpuoct2021.html

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-35452

Trust: 1.5

url:https://vigilance.fr/vulnerability/apache-http-server-multiple-vulnerabilities-35605

Trust: 1.2

url:http://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://lists.apache.org/thread.html/re026d3da9d7824bd93b9f871c0fdda978d960c7e62d8c43cba8d0bf3%40%3ccvs.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/rccb1b8225583a48c6360edc7a93cc97ae8b0215791e455dc607e7602%40%3cannounce.httpd.apache.org%3e

Trust: 1.1

url:https://lists.apache.org/thread.html/r7f2b70b621651548f4b6f027552f1dd91705d7111bb5d15cda0a68dd%40%3cdev.httpd.apache.org%3e

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2020-35452

Trust: 0.9

url:https://jvn.jp/vu/jvnvu96037838/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-26690

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30641

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-26691

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 0.6

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 0.6

url:https://packetstormsecurity.com/files/164927/red-hat-security-advisory-2021-4614-01.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111102

Trust: 0.6

url:https://packetstormsecurity.com/files/163530/gentoo-linux-security-advisory-202107-38.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060713

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2229

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3846

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2348

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071201

Trust: 0.6

url:https://packetstormsecurity.com/files/163227/ubuntu-security-notice-usn-4994-1.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2341

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2153

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071308

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2097

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071702

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2022051150

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021060321

Trust: 0.6

url:https://packetstormsecurity.com/files/167073/red-hat-security-advisory-2022-1915-01.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-13950

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2019-17567

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/updates/classification/#moderate

Trust: 0.3

url:https://access.redhat.com/errata/rhsa-2022:1915

Trust: 0.2

url:https://ubuntu.com/security/notices/usn-4994-1

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-31618

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-14155

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-17567

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-26691

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-26690

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-3712

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-30641

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23840

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-23840

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2020-13950

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-3712

Trust: 0.2

url:https://access.redhat.com/articles/11258

Trust: 0.2

url:https://access.redhat.com/security/team/key/

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/787.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/austin-lai/external-penetration-testing-holo-corporate-network-tryhackme-holo-network

Trust: 0.1

url:https://security.archlinux.org/cve-2020-35452

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.46-1ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.16

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-4994-2

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4613

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:4614

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache2

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-33193

Trust: 0.1

url:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.6_release_notes/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-44224

Trust: 0.1

sources: CNVD: CNVD-2021-70102 // VULMON: CVE-2020-35452 // JVNDB: JVNDB-2020-016879 // PACKETSTORM: 163227 // PACKETSTORM: 163231 // PACKETSTORM: 163530 // PACKETSTORM: 164928 // PACKETSTORM: 164927 // PACKETSTORM: 169090 // PACKETSTORM: 167073 // CNNVD: CNNVD-202106-150 // NVD: CVE-2020-35452

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 164928 // PACKETSTORM: 164927 // PACKETSTORM: 167073

SOURCES

db: CNVD | id: CNVD-2021-70102
db: VULMON | id: CVE-2020-35452
db: JVNDB | id: JVNDB-2020-016879
db: PACKETSTORM | id: 163227
db: PACKETSTORM | id: 163231
db: PACKETSTORM | id: 163530
db: PACKETSTORM | id: 164928
db: PACKETSTORM | id: 164927
db: PACKETSTORM | id: 169090
db: PACKETSTORM | id: 167073
db: CNNVD | id: CNNVD-202106-150
db: NVD | id: CVE-2020-35452

LAST UPDATE DATE

2024-08-14T12:41:50.907000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2021-70102 | date: 2021-09-11T00:00:00
db: VULMON | id: CVE-2020-35452 | date: 2023-11-07T00:00:00
db: JVNDB | id: JVNDB-2020-016879 | date: 2022-02-25T02:36:00
db: CNNVD | id: CNNVD-202106-150 | date: 2022-05-12T00:00:00
db: NVD | id: CVE-2020-35452 | date: 2023-11-07T03:21:54.650

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2021-70102 | date: 2021-09-11T00:00:00
db: VULMON | id: CVE-2020-35452 | date: 2021-06-10T00:00:00
db: JVNDB | id: JVNDB-2020-016879 | date: 2022-02-25T00:00:00
db: PACKETSTORM | id: 163227 | date: 2021-06-21T19:22:22
db: PACKETSTORM | id: 163231 | date: 2021-06-22T19:17:24
db: PACKETSTORM | id: 163530 | date: 2021-07-17T10:11:11
db: PACKETSTORM | id: 164928 | date: 2021-11-11T14:53:24
db: PACKETSTORM | id: 164927 | date: 2021-11-11T14:53:11
db: PACKETSTORM | id: 169090 | date: 2021-07-28T19:12:00
db: PACKETSTORM | id: 167073 | date: 2022-05-11T16:37:39
db: CNNVD | id: CNNVD-202106-150 | date: 2021-06-02T00:00:00
db: NVD | id: CVE-2020-35452 | date: 2021-06-10T07:15:07.493