• 我的位置:
  • 首頁
  • -
  • 漏洞預(yù)警
  • -
  • 中間件
  • -
    • Apache HTTP Server 緩沖區(qū)錯(cuò)誤漏洞
    • CNNVD編號:CNNVD-202008-281
    • 危害等級: 超危 
    • CVE編號:CVE-2020-11984
    • 漏洞類型: 緩沖區(qū)錯(cuò)誤
    • 威脅類型:遠(yuǎn)程
    • 廠       商:未知
    • 漏洞來源: FX, Google Securit...
    • 發(fā)布時(shí)間:2020-08-07
    • 更新時(shí)間:2020-12-11

    漏洞簡介

    Apache HTTP Server是美國阿帕奇軟件(Apache Software)基金會的一款開源網(wǎng)頁服務(wù)器。該服務(wù)器具有快速、可靠且可通過簡單的API進(jìn)行擴(kuò)充的特點(diǎn)。

    Apache HTTP Server 2.4.32版本至2.4.44版本中的mod_uwsgi存在緩沖區(qū)錯(cuò)誤漏洞。攻擊者可利用該漏洞獲取信息并可能執(zhí)行代碼。

    漏洞公示

    目前廠商已發(fā)布升級補(bǔ)丁以修復(fù)漏洞,補(bǔ)丁獲取鏈接:

    https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490

    參考網(wǎng)站

    來源:MLIST

    鏈接:http://www.openwall.com/lists/oss-security/2020/08/08/9


    來源:httpd.apache.org%3E

    鏈接:httpd.apache.org%3E


    來源:MLIST

    鏈接:https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.


    來源:MLIST

    鏈接:http://www.openwall.com/lists/oss-security/2020/08/08/8


    來源:FEDORA

    鏈接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/


    來源:DEBIAN

    鏈接:https://www.debian.org/security/2020/dsa-4757


    來源:GENTOO

    鏈接:https://security.gentoo.org/glsa/202008-04


    來源:SUSE

    鏈接:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html


    來源:SUSE

    鏈接:http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html


    來源:MISC

    鏈接:https://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html


    來源:MLIST

    鏈接:http://www.openwall.com/lists/oss-security/2020/08/08/10


    來源:usn.ubuntu.com

    鏈接:https://usn.ubuntu.com/4458-1/


    來源:MLIST

    鏈接:https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.


    來源:MLIST

    鏈接:http://www.openwall.com/lists/oss-security/2020/08/10/5


    來源:CONFIRM

    鏈接:https://security.netapp.com/advisory/ntap-20200814-0005/


    來源:httpd.apache.org

    鏈接:httpd.apache.org/security/vulnerabilities_24.html


    來源:MLIST

    鏈接:http://www.openwall.com/lists/oss-security/2020/08/17/2


    來源:nvd.nist.gov

    鏈接:https://nvd.nist.gov/vuln/detail/CVE-2020-11984


    來源:packetstormsecurity.com

    鏈接:https://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html


    來源:www.auscert.org.au

    鏈接:https://www.auscert.org.au/bulletins/ESB-2020.2988/


    來源:www.auscert.org.au

    鏈接:https://www.auscert.org.au/bulletins/ESB-2020.2735/


    來源:packetstormsecurity.com

    鏈接:https://packetstormsecurity.com/files/158864/Ubuntu-Security-Notice-USN-4458-1.html


    來源:www.auscert.org.au

    鏈接:https://www.auscert.org.au/bulletins/ESB-2020.2903/


    來源:packetstormsecurity.com

    鏈接:https://packetstormsecurity.com/files/158801/Gentoo-Linux-Security-Advisory-202008-04.html


    來源:www.auscert.org.au

    鏈接:https://www.auscert.org.au/bulletins/ESB-2020.2806/


    來源:httpd-buffer-overflow-via-mod-proxy-uwsgi-33036

    鏈接:httpd-buffer-overflow-via-mod-proxy-uwsgi-33036


    來源:vigilance.fr

    鏈接:https://vigilance.fr/vulnerability/Apache-


    來源:www.auscert.org.au

    鏈接:https://www.auscert.org.au/bulletins/ESB-2020.2961/

    受影響實(shí)體

    暫無