First published: Thu Aug 13 2020
Fabrice Perez discovered that the Apache mod_rewrite module incorrectly handled certain redirects. A remote attacker could possibly use this issue to perform redirects to an unexpected URL. (CVE-2020-1927)

Chamal De Silva discovered that the Apache mod_proxy_ftp module incorrectly handled memory when proxying to a malicious FTP server. A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2020-1934)

Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain Cache-Digest headers. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-9490)

Felix Wilhelm discovered that the Apache mod_proxy_uwsgi module incorrectly handled large headers. A remote attacker could use this issue to obtain sensitive information or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-11984)

Felix Wilhelm discovered that the HTTP/2 implementation in Apache did not properly handle certain logging statements. A remote attacker could possibly use this issue to cause Apache to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-11993)
Affected Software | Ubuntu Release | Affected Version | How to fix |
---|---|---|---|
ubuntu/apache2 | 20.04 | <2.4.41-4ubuntu3.1 | 2.4.41-4ubuntu3.1 |
ubuntu/apache2-bin | 20.04 | <2.4.41-4ubuntu3.1 | 2.4.41-4ubuntu3.1 |
ubuntu/libapache2-mod-proxy-uwsgi | 20.04 | <2.4.41-4ubuntu3.1 | 2.4.41-4ubuntu3.1 |
ubuntu/apache2 | 18.04 | <2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.14 |
ubuntu/apache2-bin | 18.04 | <2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.14 |
ubuntu/apache2 | 16.04 | <2.4.18-2ubuntu3.17 | 2.4.18-2ubuntu3.17 |
ubuntu/apache2-bin | 16.04 | <2.4.18-2ubuntu3.17 | 2.4.18-2ubuntu3.17 |
The vulnerability ID for this Apache HTTP Server vulnerability is CVE-2020-1927.
The Apache mod_rewrite module handles certain redirects incorrectly, which could allow a remote attacker to perform redirects to an unexpected URL.
The vulnerability ID for the Apache mod_proxy_ftp vulnerability is CVE-2020-11993.
The Apache mod_proxy_ftp module handles memory incorrectly when proxying to a malicious FTP server, which a remote attacker could possibly use to obtain sensitive information.
The affected versions of Apache HTTP Server are 2.4.41-4ubuntu3.1, 2.4.29-1ubuntu4.14, and 2.4.18-2ubuntu3.17.
To fix these Apache HTTP Server vulnerabilities, update to version 2.4.41-4ubuntu3.1 for Ubuntu 20.04, version 2.4.29-1ubuntu4.14 for Ubuntu 18.04, and version 2.4.18-2ubuntu3.17 for Ubuntu 16.04.
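To check a host against the fixed versions above, the installed package version has to be compared using Debian version ordering (the ordering `dpkg --compare-versions` applies), not plain string comparison. The following is an added example, not part of the advisory: a pure-Python version of that ordering plus a lookup against the table; the function names and the installed versions used to exercise it are assumptions for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions from the advisory table, keyed by (Ubuntu release, package).
FIXED = {
    ("20.04", "apache2"): "2.4.41-4ubuntu3.1",
    ("20.04", "apache2-bin"): "2.4.41-4ubuntu3.1",
    ("20.04", "libapache2-mod-proxy-uwsgi"): "2.4.41-4ubuntu3.1",
    ("18.04", "apache2"): "2.4.29-1ubuntu4.14",
    ("18.04", "apache2-bin"): "2.4.29-1ubuntu4.14",
    ("16.04", "apache2"): "2.4.18-2ubuntu3.17",
    ("16.04", "apache2-bin"): "2.4.18-2ubuntu3.17",
}

def _order(ch):
    """Debian sort weight: '~' lowest, end of string 0, letters, then the rest."""
    if ch == "":
        return 0
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream or revision strings as alternating text/number runs."""
    runs_a = re.findall(r"(\D*)(\d*)", a)
    runs_b = re.findall(r"(\D*)(\d*)", b)
    for (ta, na), (tb, nb) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(ta, tb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def compare(v1, v2):
    """Return -1, 0 or 1 for v1 older than, equal to, or newer than v2."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return int(epoch), (upstream if sep else rest), (rev if sep else "")
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

def is_vulnerable(release, package, installed):
    """True if installed predates the fix; None if the advisory has no entry."""
    fixed = FIXED.get((release, package))
    return None if fixed is None else compare(installed, fixed) < 0
```

The installed version string for a package can be read with `dpkg-query -W -f='${Version}' apache2` and passed in as the third argument.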