CVE-2020-11984

critical-risk

Published 2020-08-07

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Do I need to act?

75.3% chance of exploitation in next 30 days

EPSS score — higher than 25% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Http Server

Clustered Data Ontap

Ubuntu Linux

Debian Linux

Fedora

Leap

Communications Element Manager

Communications Session Report Manager

Communications Session Route Manager

Enterprise Manager Ops Center

Hyperion Infrastructure Technology

Instantis Enterprisetrack

Zfs Storage Appliance Kit

Affected Vendors

Debian Apache Oracle Canonical Fedoraproject Netapp Opensuse

References (64)

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html

Exploit http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Re...

Mailing List http://www.openwall.com/lists/oss-security/2020/08/08/1

Mailing List http://www.openwall.com/lists/oss-security/2020/08/08/10

Mailing List http://www.openwall.com/lists/oss-security/2020/08/08/8

Mailing List http://www.openwall.com/lists/oss-security/2020/08/08/9

Mailing List http://www.openwall.com/lists/oss-security/2020/08/10/5

Mailing List http://www.openwall.com/lists/oss-security/2020/08/17/2

Vendor Advisory https://httpd.apache.org/security/vulnerabilities_24.html

https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f60...

https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda...

https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d...

https://lists.apache.org/thread.html/r2c6083f6a2027914a0f5b54e2a1f4fa98c03f8693b...

https://lists.apache.org/thread.html/r34753590ae8e3f2b6af689af4fe84269b592f5fda9...

https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46...

https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d60...

https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b269...

https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37...

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f8...

and 44 more references

/ 100

critical-risk

Severity 32/34 · Critical

Exploitability 20/34 · Moderate

Exposure 20/34 · Moderate