PT-2020-3261 · Apache+8 · Apache Http Server+8

Published: 2020-02-24 · Updated: 2024-03-06 · CVE-2020-1927

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache HTTP Server versions 2.4.0 through 2.4.41

Description

The issue is in the mod_rewrite module of the Apache HTTP Server: redirects configured with mod_rewrite that were intended to be self-referential can be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. This could potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For Apache HTTP Server versions 2.4.0 through 2.4.41, consider updating to a version where this issue is fixed. The affected versions may allow redirects to be manipulated by encoded newlines, potentially leading to unauthorized access or information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Open Redirect


Weakness Enumeration

Related Identifiers

ALSA-2020:4751
ALT-PU-2020-1669
ALT-PU-2020-1686
BDU:2020-03569
BIT-APACHE-2020-1927
CESA-2020_3958
CESA-2020_4751
CVE-2020-1927
DLA-2706-1
DLA-3351-1
DSA-4757-1
MGASA-2020-0166
OPENSUSE-SU-2020:0597-1
OPENSUSE-SU-2020_0597-1
RHSA-2020:1337
RHSA-2020:2263
RHSA-2020:3958
RHSA-2020:4751
RHSA-2020_3958
RHSA-2020_4751
RLSA-2020:4751
SUSE-SU-2020:1111-1
SUSE-SU-2020:1126-1
SUSE-SU-2020:1272-1
USN-4458-1

Affected Products

Alt Linux
Almalinux
Apache Http Server
Centos
Linuxmint
Red Hat
Rocky Linux
Suse
Ubuntu