CVE-2020-1934

Published: Apr 1, 2020Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

Affected (21)

Products: Apache: Http Server · Fedoraproject: Fedora · Debian: Debian Linux · +3 more

Show all products

Apache: Http Server · Fedoraproject: Fedora · Debian: Debian Linux · Canonical: Ubuntu Linux · Opensuse: Leap · Oracle: Communications Element Manager, Communications Session Report Manager, Communications Session Route Manager, Enterprise Manager Ops Center, Instantis Enterprisetrack, Zfs Storage Appliance Kit

1 product

1 product

1 product

1 product

1 product

6 products

Communications Element Manager

Communications Session Report Manager

Communications Session Route Manager

Enterprise Manager Ops Center

Instantis Enterprisetrack

Zfs Storage Appliance Kit

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 2.4.0 to 2.4.41

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration F

12 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Element Manager	Version 8.1.1
Oracle Communications Element Manager	Version 8.2.0
Oracle Communications Element Manager	Version 8.2.1
Oracle Communications Session Report Manager	Version 8.1.1
Oracle Communications Session Report Manager	Version 8.2.0
Oracle Communications Session Report Manager	Version 8.2.1
Oracle Communications Session Route Manager	Version 8.1.1
Oracle Communications Session Route Manager	Version 8.2.0
Oracle Communications Session Route Manager	Version 8.2.1
Oracle Enterprise Manager Ops Center	Version 12.4.0.0
Oracle Instantis Enterprisetrack	From 17.1 to 17.3
Oracle Zfs Storage Appliance Kit	Version 8.8

Related CWEs

Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

References (46)

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Source: security@apache.org

Vendor Advisory

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: security@apache.org

https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Source: security@apache.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

Source: security@apache.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

Source: security@apache.org

https://security.netapp.com/advisory/ntap-20200413-0002/

Source: security@apache.org

Third Party Advisory

https://usn.ubuntu.com/4458-1/

Source: security@apache.org

Third Party Advisory

https://www.debian.org/security/2020/dsa-4757

Source: security@apache.org

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: security@apache.org

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://httpd.apache.org/security/vulnerabilities_24.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20200413-0002/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4458-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.debian.org/security/2020/dsa-4757

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.