CVE-2020-1934

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 01-04-2020 10:15

Last modified: - 26-04-2022 07:05

Total changes: - 6

Description

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

5.3

Base score

3.9

1.4

Exploitability score

Impact score

Verification logic

vendor=apache AND product=http_server AND versionEndIncluding=2.4.41 AND versionStartIncluding=2.4.0

vendor=fedoraproject AND product=fedora AND version=31

vendor=fedoraproject AND product=fedora AND version=32

vendor=Debian AND product=debian_linux AND version=9.0

vendor=Debian AND product=debian_linux AND version=10.0

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=20.04 AND software_edition=lts

vendor=opensuse AND product=leap AND version=15.1

vendor=oracle AND product=communications_element_manager AND version=8.1.1

vendor=oracle AND product=communications_element_manager AND version=8.2.0

vendor=oracle AND product=communications_element_manager AND version=8.2.1

vendor=oracle AND product=communications_session_report_manager AND version=8.1.1

vendor=oracle AND product=communications_session_report_manager AND version=8.2.0

vendor=oracle AND product=communications_session_report_manager AND version=8.2.1

vendor=oracle AND product=communications_session_route_manager AND version=8.1.1

vendor=oracle AND product=communications_session_route_manager AND version=8.2.0

vendor=oracle AND product=communications_session_route_manager AND version=8.2.1

vendor=oracle AND product=enterprise_manager_ops_center AND version=12.4.0.0

vendor=oracle AND product=instantis_enterprisetrack AND versionEndIncluding=17.3 AND versionStartIncluding=17.1

vendor=oracle AND product=zfs_storage_appliance_kit AND version=8.8

Reference

https://httpd.apache.org/security/vulnerabilities_24.html
[httpd-dev] 20200404 Odd vulnerabilities_24.html output-Issue Tracking, Patch, Vendor Advisory
[httpd-dev] 20200404 Re: Odd vulnerabilities_24.html output-Issue Tracking, Patch, Vendor Advisory
https://security.netapp.com/advisory/ntap-20200413-0002/
[httpd-cvs] 20200420 svn commit: r1876764 - /httpd/httpd/branches/2.4.x/CHANGES-Mailing List, Patch, Vendor Advisory
openSUSE-SU-2020:0597-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2020.html
USN-4458-1-Third Party Advisory
FEDORA-2020-189a1e6c3e-Mailing List, Third Party Advisory
DSA-4757-Third Party Advisory
FEDORA-2020-0d3d3f5072-Mailing List, Third Party Advisory
[httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073139 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/json/-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073157 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-1934.json security/vulnerabilities_24.html-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210330 svn commit: r1888213 - /httpd/site/trunk/content/security/json/CVE-2020-1934.json-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210603 svn commit: r1075360 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Patch, Vendor Advisory
[httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html-Mailing List, Patch, Vendor Advisory
[debian-lts-announce] 20210709 [SECURITY] [DLA 2706-1] apache2 security update-Mailing List, Third Party Advisory

Keywords

CVE-2020-1934

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-1934

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures