CVE-2020-11984

Published: 07 August 2020

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
apache2
Launchpad, Ubuntu, Debian
Upstream
Released (2.4.44)
Ubuntu 21.04 (Hirsute Hippo)
Released (2.4.46-1ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (2.4.41-4ubuntu3.1)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not present)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://svn.apache.org/viewvc?view=revision&revision=1880251
Upstream: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72
Binaries built from this source package are in Universe and so are supported by the community.
uwsgi
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not present)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not present)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.0.15-10.2ubuntu2.2)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Needed