exploitDog

CVE-2020-1934

Published: 01 Apr 2020
Source: redhat
CVSS3: 3.7
EPSS: Medium

Description

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

A flaw was found in Apache's HTTP server (httpd). The mod_proxy_ftp module may use uninitialized memory when proxying to a malicious FTP server. The highest threat from this vulnerability is to data confidentiality.

Report

This flaw is caused by the use of an uninitialized memory variable. In practice this has no impact, but in some corner cases the contents of this variable could be read by a remote process, resulting in a loss of confidentiality. There is no evidence of code execution.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | httpd | Out of support scope | | |
| Red Hat Enterprise Linux 6 | httpd | Out of support scope | | |
| Red Hat JBoss Enterprise Web Server 2 | httpd | Not affected | | |
| Red Hat Software Collections | httpd24-httpd | Fix deferred | | |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-curl | Fixed | RHSA-2020:2644 | 22.06.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-httpd | Fixed | RHSA-2020:2644 | 22.06.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2020:2644 | 22.06.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2020:2644 | 22.06.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_jk | Fixed | RHSA-2020:2644 | 22.06.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-mod_md | Fixed | RHSA-2020:2644 | 22.06.2020 |

Additional information

Status: Low
Defect: CWE-456
https://bugzilla.redhat.com/show_bug.cgi?id=1820772 httpd: mod_proxy_ftp use of uninitialized value

EPSS

Percentile: 97%
0.38075
Medium

CVSS3: 3.7 Low

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 5 years ago

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

CVSS3: 5.3
nvd
about 5 years ago

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

CVSS3: 5.3
debian
about 5 years ago

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...

CVSS3: 5.3
github
about 3 years ago

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

CVSS3: 5.3
fstec
more than 5 years ago

Vulnerability in the mod_proxy_ftp function of the Apache Tomcat application server that allows an attacker to gain unauthorized access to protected information
