oss-sec mailing list archives
CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow
From: Daniel Ruggeri <druggeri () apache org>
Date: Fri, 07 Aug 2020 06:31:38 -0500
CVE-2020-11984: mod_uwsgi buffer overlow
Severity: moderate
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.4.32 to 2.4.44
Description:
Apache HTTP Server 2.4.32 to 2.4.44
mod_proxy_uwsgi info disclosure and possible RCE
Mitigation:
disable mod_uwsgi
Credit:
Discovered by Felix Wilhelm of Google Project Zero
References:
https://httpd.apache.org/security/vulnerabilities_24.html
Current thread:
- CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Joe Orton (Aug 17)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Solar Designer (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold (Aug 07)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Seth Arnold (Aug 10)
- Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow Daniel Ruggeri (Aug 08)