DSA-4757-1 apache2 -- apache2
ID: oval:org.secpod.oval:def:605004 | Date: (C)2020-09-01 (M)2024-05-06 |
Class: PATCH | Family: unix |
Several vulnerabilities have been found in the Apache HTTPD server.

CVE-2020-1927: Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect.

CVE-2020-1934: Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a malicious FTP backend.

CVE-2020-9490: Felix Wilhelm discovered that a specially crafted value for the "Cache-Digest" header in an HTTP/2 request could cause a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.

CVE-2020-11984: Felix Wilhelm reported a buffer overflow flaw in the mod_proxy_uwsgi module which could result in information disclosure or potentially remote code execution.

CVE-2020-11993: Felix Wilhelm reported that when trace/debug was enabled for the HTTP/2 module, certain traffic edge patterns can cause logging statements on the wrong connection, causing concurrent use of memory pools.
Product: |
libapache2-mod-md |
apache2 |
libapache2-mod-proxy-uwsgi |