You are viewing a plain text version of this content. The canonical link for it is here.
Posted to announce@httpd.apache.org by Daniel Ruggeri <dr...@apache.org> on 2020/08/07 11:31:38 UTC
CVE-2020-11984: mod_uwsgi buffer overlow
CVE-2020-11984: mod_uwsgi buffer overlow
Severity: moderate
Vendor: The Apache Software Foundation
Versions Affected:
httpd 2.4.32 to 2.4.44
Description:
Apache HTTP Server 2.4.32 to 2.4.44
mod_proxy_uwsgi info disclosure and possible RCE
Mitigation:
disable mod_uwsgi
Credit:
Discovered by Felix Wilhelm of Google Project Zero
References:
https://httpd.apache.org/security/vulnerabilities_24.html