CVE-2020-1934

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.41

Description The issue is related to the mod proxy ftp function in the Apache HTTP Server, which may use uninitialized memory when proxying to a malicious FTP server. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For versions 2.4.0 through 2.4.41, consider disabling the mod proxy ftp module until a patch is available to prevent potential exploitation.

Fix

Use of Uninitialized Resource

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-908

Related Identifiers

ALSA-2020:4751

ALT-PU-2020-1669

ALT-PU-2020-1686

BDU:2020-03568

BIT-APACHE-2020-1934

CESA-2020_3958

CESA-2020_4751

CVE-2020-1934

DLA-2706-1

DSA-4757-1

MGASA-2020-0166

OPENSUSE-SU-2020:0597-1

OPENSUSE-SU-2020_0597-1

RHSA-2020:2644

RHSA-2020:3958

RHSA-2020:4751

RHSA-2020_3958

RHSA-2020_4751

RLSA-2020:4751

SUSE-SU-2020:1111-1

SUSE-SU-2020:1126-1

SUSE-SU-2020:1272-1

SUSE-SU-2020:14342-1

USN-4458-1

Affected Products

Alt Linux

Almalinux

Apache Http Server

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

CVE-2020-1934

Weakness Enumeration

Related Identifiers

Affected Products

References · 106