CVE-2020-11984

Published: 7 August 2020

Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

Notes

Author	Note
seth-arnold	libapache2-mod-proxy-uwsgi binary package is in universe
mdeslaur	the libapache2-mod-proxy-uwsgi module moved from the uwsgi source package to the apache2 source package in focal+

9.8

Package	Release	Status
apache2 Launchpad, Ubuntu, Debian	bionic	Not vulnerable (code not present)
	focal	Released (2.4.41-4ubuntu3.1)
	groovy	Released (2.4.46-1ubuntu1)
	hirsute	Released (2.4.46-1ubuntu1)
	impish	Released (2.4.46-1ubuntu1)
	jammy	Released (2.4.46-1ubuntu1)
	trusty	Not vulnerable (code not present)
	upstream	Released (2.4.44)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://svn.apache.org/viewvc?view=revision&revision=1880251 upstream: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72
	Binaries built from this source package are in Universe and so are supported by the community.
uwsgi Launchpad, Ubuntu, Debian	bionic	Released (2.0.15-10.2ubuntu2.2)
	focal	Not vulnerable (code not present)
	groovy	Not vulnerable (code not present)
	hirsute	Not vulnerable (code not present)
	impish	Not vulnerable (code not present)
	jammy	Not vulnerable (code not present)
	trusty	Released (1.9.17.1-5ubuntu0.1+esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Needs triage
	xenial	Released (2.0.12-5ubuntu3.2+esm1) Available with Ubuntu Pro

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.