CVE-2020-1927

Published: 02/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL.

Vulnerable Product

apache http server

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

opensuse leap 15.1

netapp oncommand unified manager core package -

broadcom brocade fabric operating system -

oracle sd-wan aware 8.2

oracle instantis enterprisetrack

oracle communications element manager 8.2.0

oracle communications element manager 8.2.1

oracle communications element manager 8.1.1

oracle enterprise manager ops center 12.4.0.0

oracle communications session report manager 8.1.1

oracle communications session report manager 8.2.0

oracle communications session report manager 8.2.1

oracle communications session route manager 8.1.1

oracle communications session route manager 8.2.0

oracle communications session route manager 8.2.1

oracle zfs storage appliance kit 8.8

Vendor Advisories

Synopsis: Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd24-httpd and httpd24-mod_md is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of M ...
Synopsis: Moderate: httpd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: httpd:24 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the httpd:24 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabi ...
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927: Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. CVE-2020-1934: Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a malicious FTP backend. CVE-2020-9490 ...
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL (CVE-2020-1927). In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious ...
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (CVE-2020-1934). In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the ...
A security issue has been found in Apache HTTP Server from 2.4.0 up to and including 2.4.41, in the mod_rewrite module, where redirects that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. This is the same defect as CVE-2019-10098. The fix for CVE-2019-100 ...

Github Repositories

Nmap/Vulners Automated Vulnerability Scanner

Metamap: Nmap/Vulners Automated Vulnerability Scanner. This tool takes the output of an nmap version scan and searches the vulners.com database for known vulnerabilities. Installation: git clone github.com/unknwncharlie/Metamap.git; cd Metamap; pip3 install -r requirements.txt. Usage: python3 metamap.py [args] target. Arguments Yo

References

CWE-601
https://httpd.apache.org/security/vulnerabilities_24.html
http://www.openwall.com/lists/oss-security/2020/04/03/1
http://www.openwall.com/lists/oss-security/2020/04/04/1
https://security.netapp.com/advisory/ntap-20200413-0002/
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://usn.ubuntu.com/4458-1/
https://www.debian.org/security/2020/dsa-4757
https://www.oracle.com/security-alerts/cpuApr2021.html
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://access.redhat.com/errata/RHSA-2020:2263
https://nvd.nist.gov
https://github.com/unknwncharlie/Metamap