You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@httpd.apache.org by Daniel Ruggeri <dr...@apache.org> on 2020/08/07 11:31:38 UTC

CVE-2020-11984: mod_uwsgi buffer overlow

CVE-2020-11984: mod_uwsgi buffer overlow

Severity: moderate

Vendor: The Apache Software Foundation

Versions Affected:
httpd 2.4.32 to 2.4.44

Description:
Apache HTTP Server 2.4.32 to 2.4.44
mod_proxy_uwsgi info disclosure and possible RCE
    
Mitigation:
disable mod_uwsgi

Credit:
Discovered by Felix Wilhelm of Google Project Zero

References:
https://httpd.apache.org/security/vulnerabilities_24.html