Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2020-1927 CVE-2020-1934 |
CWE-ID | CWE-601 CWE-457 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Apache HTTP Server Server applications / Web servers |
Vendor | Apache Foundation |
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU26527
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-1927
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in some "mod_rewrite" configurations. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApache HTTP Server: 2.4.0 - 2.4.41
http://httpd.apache.org/security/vulnerabilities_24.html
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU26528
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-1934
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the "mod_proxy_ftp" may use uninitialized memory when proxying to a malicious FTP server. A remote attacker can gain unauthorized access to sensitive information on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApache HTTP Server: 2.4.0 - 2.4.41
http://httpd.apache.org/security/vulnerabilities_24.html
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?