CVE-2020-1934

Published: 01/04/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

Vulnerable Product

apache http server

fedoraproject fedora 31

fedoraproject fedora 32

debian debian linux 9.0

debian debian linux 10.0

canonical ubuntu linux 18.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

opensuse leap 15.1

oracle instantis enterprisetrack

oracle communications element manager 8.2.0

oracle communications element manager 8.2.1

oracle communications element manager 8.1.1

oracle enterprise manager ops center 12.4.0.0

oracle communications session report manager 8.1.1

oracle communications session report manager 8.2.0

oracle communications session report manager 8.2.1

oracle communications session route manager 8.1.1

oracle communications session route manager 8.2.0

oracle communications session route manager 8.2.1

oracle zfs storage appliance kit 8.8

Vendor Advisories

Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update. Type/Severity: Security Advisory: Important. Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 3 zip release for RHEL 6, RHEL 7 and Microsoft Windows is available. Red Hat Product Security has r ...
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3 security update. Type/Severity: Security Advisory: Important. Topic: Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat ...
Synopsis: Moderate: httpd security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for httpd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System ...
Synopsis: Moderate: httpd:2.4 security, bug fix, and enhancement update. Type/Severity: Security Advisory: Moderate. Topic: An update for the httpd:2.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabi ...
Several vulnerabilities have been found in the Apache HTTPD server. CVE-2020-1927: Fabrice Perez reported that certain mod_rewrite configurations are prone to an open redirect. CVE-2020-1934: Chamal De Silva discovered that the mod_proxy_ftp module uses uninitialized memory when proxying to a malicious FTP backend. CVE-2020-9490 ...
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL (CVE-2020-1927). In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious ...
In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (CVE-2020-1934). In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the ...
The use of an uninitialized value has been found in Apache HTTP Server from 2.4.0 up to and including 2.4.41, in the mod_proxy_ftp module, when proxying to a malicious FTP server ...

Github Repositories

Nmap/Vulners Automated Vulnerability Scanner

Metamap: Nmap/Vulners Automated Vulnerability Scanner. This tool takes the output of an nmap version scan and searches the vulners.com database for known vulnerabilities.
Installation: git clone https://github.com/unknwncharlie/Metamap.git; cd Metamap; pip3 install -r requirements.txt
Usage: python3 metamap.py [args] target
Arguments: Yo

Search For Common Vulnerabilities Exposure Information And Description

SearchCVE: Search For Common Vulnerabilities Exposure Information And Description.
Requirement: requests, colorama
Usage: python searchcve.py "CVE-2020-1934"

References

CWE-908
https://httpd.apache.org/security/vulnerabilities_24.html
https://security.netapp.com/advisory/ntap-20200413-0002/
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://usn.ubuntu.com/4458-1/
https://www.debian.org/security/2020/dsa-4757
https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html
https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov
https://access.redhat.com/errata/RHSA-2020:2646
https://github.com/unknwncharlie/Metamap