
Test ID:
Category: Debian Local Security Checks
Title: Debian: Security Advisory for apache2 (DSA-4757-1)
Summary: The remote host is missing an update for the 'apache2' package(s) announced via the DSA-4757-1 advisory.

Vulnerability Insight:
Several vulnerabilities have been found in the Apache HTTPD server.

Fabrice Perez reported that certain mod_rewrite configurations are
prone to an open redirect.

Chamal De Silva discovered that the mod_proxy_ftp module uses
uninitialized memory when proxying to a malicious FTP backend.

Felix Wilhelm discovered that a specially crafted value for the
'Cache-Digest' header in an HTTP/2 request could cause a crash when
the server actually tries to HTTP/2 PUSH a resource afterwards.

Felix Wilhelm reported a buffer overflow flaw in the mod_proxy_uwsgi
module which could result in information disclosure or potentially
remote code execution.

Felix Wilhelm reported that when trace/debug was enabled for the
HTTP/2 module certain traffic edge patterns can cause logging
statements on the wrong connection, causing concurrent use of
memory pools.

Affected Software/OS:
'apache2' package(s) on Debian Linux.

For the stable distribution (buster), these problems have been fixed in
version 2.4.38-3+deb10u4.

We recommend that you upgrade your apache2 packages.

CVSS Score:

CVSS Vector:

Cross-Ref:
Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1927
Debian Security Information: DSA-4757
SuSE Security Announcement: openSUSE-SU-2020:0597
Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-1934
Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9490
SuSE Security Announcement: openSUSE-SU-2020:1285
SuSE Security Announcement: openSUSE-SU-2020:1293
Copyright: Copyright (C) 2020 Greenbone Networks GmbH

© 1998-2020 E-Soft Inc. All rights reserved.