Your submission was sent successfully! Close

CVE-2020-11984

Published: 7 August 2020

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Notes

AuthorNote
seth-arnold
libapache2-mod-proxy-uwsgi binary package is in universe
mdeslaur
the libapache2-mod-proxy-uwsgi module moved from the uwsgi
source package to the apache2 source package in focal+
Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
focal
Released (2.4.41-4ubuntu3.1)
groovy
Released (2.4.46-1ubuntu1)
hirsute
Released (2.4.46-1ubuntu1)
impish
Released (2.4.46-1ubuntu1)
jammy
Released (2.4.46-1ubuntu1)
precise Not vulnerable
(code not present)
trusty Not vulnerable
(code not present)
upstream
Released (2.4.44)
xenial Not vulnerable
(code not present)
Patches:
upstream: https://svn.apache.org/viewvc?view=revision&revision=1880251
upstream: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72
Binaries built from this source package are in Universe and so are supported by the community.
uwsgi
Launchpad, Ubuntu, Debian
bionic
Released (2.0.15-10.2ubuntu2.2)
focal Not vulnerable
(code not present)
groovy Not vulnerable
(code not present)
hirsute Not vulnerable
(code not present)
impish Not vulnerable
(code not present)
jammy Not vulnerable
(code not present)
precise Does not exist

trusty Needed

upstream Needs triage

xenial Ignored
(end of standard support, was needed)