Lucene search
Redhat.comRH:CVE-2020-11984HistoryAug 11, 2020 - 8:13 p.m.
CVE-2020-11984
2020-08-1120:13:29
redhat.com
access.redhat.com
271
0.015 Low
EPSS
Percentile
87.0%
A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Mitigation
This flaw only affects specific httpd configurations which use the uwsgi protocol. It does not manifest itself when uwsgi protocol is not used. Commenting out "LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so" in /etc/httpd/conf.modules.d/00-proxy.conf will disable the loading of the vulnerable module.
Related
osv
osv
BIT-apache-2020-11984
2024-03-06 10:57:57
uwsgi vulnerability
2021-09-03 18:48:59
CVE-2020-11984
2020-08-07 16:15:11
ubuntucve
ubuntucve
CVE-2020-11984
2020-08-07 00:00:00
debiancve
debiancve
CVE-2020-11984
2020-08-07 16:15:11
prion
prion
Information disclosure
2020-08-07 16:15:00
cve
cve
CVE-2020-11984
2020-08-07 16:15:11
openvas
openvas
Apache HTTP Server 2.4.32 < 2.4.44 mod_proxy_uwsgi Buffer Overflow Vulnerability - Linux
2020-08-10 00:00:00
Apache HTTP Server 2.4.32 < 2.4.44 mod_proxy_uwsgi Buffer Overflow Vulnerability - Windows
2020-08-10 00:00:00
Ubuntu: Security Advisory (USN-5054-2)
2023-01-27 00:00:00
veracode
veracode
Information Disclosure
2020-08-11 03:24:53
cbl_mariner
cbl_mariner
CVE-2020-11984 affecting package httpd 2.4.43-
2021-07-08 21:56:40
httpd
httpd
Apache Httpd < 2.4.44 : mod_proxy_uwsgi buffer overflow
2020-07-22 00:00:00
zdt
zdt
Apache2 mod_proxy_uwsgi Incorrect Request Handling Exploit
2020-08-31 00:00:00
nessus
nessus
Debian DLA-2362-1 : uwsgi security update
2020-09-04 00:00:00
Ubuntu 16.04 ESM : uWSGI vulnerability (USN-5054-2)
2023-10-23 00:00:00
Photon OS 1.0: Httpd PHSA-2020-1.0-0313
2020-08-20 00:00:00
cvelist
cvelist
CVE-2020-11984
2020-08-07 15:27:15
ubuntu
ubuntu
uWSGI vulnerability
2021-09-03 00:00:00
Apache HTTP Server vulnerabilities
2020-08-13 00:00:00
alpinelinux
alpinelinux
CVE-2020-11984
2020-08-07 16:15:11
photon
photon
Critical Photon OS Security Update - PHSA-2020-0125
2020-08-12 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0125
2020-08-12 00:00:00
oraclelinux
oraclelinux
httpd:2.4 security, bug fix, and enhancement update
2021-05-25 00:00:00
f5
f5
mageia
mageia
Updated apache packages fix security vulnerability
2020-08-18 20:41:27
amazon
amazon
Important: httpd
2020-09-15 17:18:00
Low: httpd24
2020-08-26 23:09:00
freebsd
freebsd
Apache httpd -- Multiple vulnerabilities
2020-08-07 00:00:00
kaspersky
kaspersky
KLA12368 Multiple vulnerabilities in Apache HTTP Server
2020-08-07 00:00:00
thn
thn
Google Researcher Reported 3 Flaws in Apache Web Server Software
2020-08-25 06:52:00
almalinux
almalinux
Moderate: httpd:2.4 security, bug fix, and enhancement update
2021-05-18 06:08:34
rocky
rocky
httpd:2.4 security, bug fix, and enhancement update
2021-05-18 06:08:34
fortinet
fortinet
Multiple Apache Vulnerabilties fixed in 2.4.46
2020-10-05 00:00:00
redhat
redhat
fedora
fedora
[SECURITY] Fedora 31 Update: httpd-2.4.46-1.fc31
2020-09-03 16:27:14
[SECURITY] Fedora 32 Update: httpd-2.4.46-1.fc32
2020-08-31 15:50:53
attackerkb
attackerkb
CVE-2020-11984 — Multiple Vulnerabilities in Apache Web Server Could Allow for Remote Code Execution
2020-08-07 00:00:00
CVE-2020-9490
2020-08-07 00:00:00
ibm
ibm
gentoo
gentoo
Apache: Multiple vulnerabilities
2020-08-08 00:00:00
debian
debian
[SECURITY] [DSA 4757-1] apache2 security update
2020-08-31 15:10:58
rosalinux
rosalinux
Advisory ROSA-SA-2023-2159
2023-04-25 11:49:15
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00