Main Vulnerability Database Vulnerabilities #VU35713

#VU35713 Buffer overflow in Apache HTTP Server - CVE-2020-11984

Published: August 8, 2020 / Updated: July 3, 2025

Vulnerability identifier: #VU35713

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2020-11984

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Apache HTTP Server

Software vendor:
Apache Foundation

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in od_proxy_uwsgi module. A remote attacker can send a specially crafted request to the web server, trigger memory corruption and gain access to sensitive information or execute arbitrary code on the target system.

Remediation

Install updates from vendor's website.

External links

http://www.openwall.com/lists/oss-security/2020/08/08/1
https://httpd.apache.org/security/vulnerabilities_24.html

#VU35713 Buffer overflow in Apache HTTP Server - CVE-2020-11984

Description

Remediation

External links

Please verify you're human