CVE-2020-11984

Exploit

EPSS 76.31%
Veröffentlicht 07.08.2020 16:15:11
Zuletzt bearbeitet 21.11.2024 04:59:02
Quelle security@apache.org
Teams Watchlist Login
Unerledigt Login

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 35

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ HTTP Server Version >= 2.4.32 <= 2.4.43

Netapp ≫ Clustered Data Ontap Version-

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Fedoraproject ≫ Fedora Version31

Fedoraproject ≫ Fedora Version32

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Oracle ≫ Communications Element Manager Version >= 8.2.0 <= 8.2.2

Oracle ≫ Communications Session Report Manager Version >= 8.2.0 <= 8.2.2

Oracle ≫ Communications Session Route Manager Version >= 8.2.0 <= 8.2.2

Oracle ≫ Enterprise Manager Ops Center Version12.4.0.0

Oracle ≫ Hyperion Infrastructure Technology Version11.1.2.4

Oracle ≫ Instantis Enterprisetrack Version17.1

Oracle ≫ Instantis Enterprisetrack Version17.2

Oracle ≫ Instantis Enterprisetrack Version17.3

Oracle ≫ Zfs Storage Appliance Kit Version8.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	76.31%	0.989

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://httpd.apache.org/security/vulnerabilities_24.html

Vendor Advisory

https://www.oracle.com/security-alerts/cpujan2021.html

Third Party Advisory

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

https://www.oracle.com/security-alerts/cpuoct2020.html

Third Party Advisory

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

http://www.openwall.com/lists/oss-security/2020/08/08/1

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2020/08/08/9

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

https://usn.ubuntu.com/4458-1/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4757

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html

Third Party Advisory

Exploit

VDB Entry

http://www.openwall.com/lists/oss-security/2020/08/08/10

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2020/08/08/8

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2020/08/10/5

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2020/08/17/2

Third Party Advisory

Mailing List

https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b58460911818255%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9f3244fd9abbce8%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1%40%3Cdev.httpd.apache.org%3E

https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672%40%3Cdev.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf71eb428714374a6f9ad68952e23611ec7807b029fd6a1b4f5f732d9%40%3Ccvs.httpd.apache.org%3E

https://lists.debian.org/debian-lts-announce/2020/09/msg00001.html

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/202008-04

Third Party Advisory

https://security.netapp.com/advisory/ntap-20200814-0005/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11984

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11984

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11984

EUVD