A flaw was found in Apache HTTP Server (httpd) versions 2.4.0 to 2.4.41. Redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirected instead to an unexpected URL within the request URL.

References

bugzilla.redhat.com/show_bug.cgi?id=1820761

httpd.apache.org/security/vulnerabilities_24.html

nvd.nist.gov/vuln/detail/CVE-2020-1927

www.cve.org/CVERecord?id=CVE-2020-1927

ubuntucve 1

alpinelinux 1

veracode 1

prion 1

debiancve 1

nessus 43

cve 1

osv 7

httpd 1

f5 1

ibm 15

mageia 1

openvas 21

altlinux 3

kaspersky 1

redhat 5

amazon 2

photon 7

freebsd 1

suse 1

archlinux 1

fedora 2

debian 3

ubuntu 1

centos 1

oraclelinux 2

almalinux 1

rocky 1

symantec 1

oracle 3

ubuntucve

CVE-2020-1927

2020-04-02 00:00:00

alpinelinux

CVE-2020-1927

2020-04-02 00:15:00

veracode

Open Redirection

2020-05-15 02:23:25

prion

Code injection

2020-04-02 00:15:00

debiancve

CVE-2020-1927

2020-04-02 00:15:00

nessus

F5 Networks BIG-IP : Apache HTTPD vulnerability (K23153696)

2021-07-08 00:00:00

Photon OS 2.0: Httpd PHSA-2020-2.0-0228

2020-04-22 00:00:00

Photon OS 1.0: Httpd PHSA-2020-1.0-0290

2020-04-29 00:00:00

cve

CVE-2020-1927

2020-04-02 00:15:00

osv

BIT-apache-2020-1927

2024-03-06 10:57:05

CVE-2020-1927

2020-04-02 00:15:13

apache2 - security update

2020-08-31 00:00:00

httpd

Apache Httpd < 2.4.42 : mod_rewrite CWE-601 open redirect

2019-12-05 00:00:00

K23153696 : Apache HTTPD vulnerability CVE-2020-1927

2020-08-26 00:00:00

ibm

Security Bulletin: Rational Build Forge Security Advisory for Apache HTTP Server (CVE-2020-1927, CVE-2020-1934)

2020-07-27 07:17:02

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2020-1927, CVE-2020-1934)

2020-04-17 21:29:53

Security Bulletin: Vulnerabilities CVE-2020-1927 and CVE-2020-1934 in Apache HTTP Server affect IBM i

2020-06-10 20:52:43

mageia

Updated apache packages fix security vulnerabilities

2020-04-15 13:12:14

openvas

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1601)

2020-06-03 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1749)

2020-07-03 00:00:00

Apache HTTP Server 2.4.0 < 2.4.42 Multiple Vulnerabilities - Windows

2020-04-03 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 1:2.4.43-alt1

2020-04-09 00:00:00

Security fix for the ALT Linux 9 package apache2 version 1:2.4.43-alt1

2020-04-08 00:00:00

Security fix for the ALT Linux 10 package apache2 version 1:2.4.43-alt1

2020-04-06 00:00:00

kaspersky

KLA12367 Multiple vulnerabilities in Apache HTTP Server

2020-04-01 00:00:00

redhat

(RHSA-2020:2263) Moderate: httpd24-httpd and httpd24-mod_md security and enhancement update

2020-05-26 07:28:44

(RHSA-2020:3958) Moderate: httpd security, bug fix, and enhancement update

2020-09-29 07:46:42

(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

2020-04-06 19:02:18

amazon

Low: httpd

2020-05-19 18:32:00

Low: httpd24

2020-05-22 20:57:00

photon

Moderate Photon OS Security Update - PHSA-2020-0079

2020-04-10 00:00:00

Moderate Photon OS Security Update - PHSA-2020-3.0-0079

2020-04-10 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0228

2020-04-10 00:00:00

freebsd

Apache -- Multiple vulnerabilities

2020-04-01 00:00:00

suse

Security update for apache2 (important)

2020-05-02 00:00:00

archlinux

[ASA-202004-14] apache: multiple issues

2020-04-15 00:00:00

fedora

[SECURITY] Fedora 32 Update: httpd-2.4.46-1.fc32

2020-08-31 15:50:53

[SECURITY] Fedora 31 Update: httpd-2.4.46-1.fc31

2020-09-03 16:27:14

debian

[SECURITY] [DSA 4757-1] apache2 security update

2020-08-31 15:10:58

[SECURITY] [DSA 4757-1] apache2 security update

2020-08-31 15:10:58

[SECURITY] [DLA 2706-1] apache2 security update

2021-07-09 08:50:21

ubuntu

Apache HTTP Server vulnerabilities

2020-08-13 00:00:00

centos

httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update

2020-10-20 18:13:33

oraclelinux

httpd security, bug fix, and enhancement update

2020-10-06 00:00:00

httpd:2.4 security, bug fix, and enhancement update

2020-11-10 00:00:00

almalinux

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

rocky

httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

symantec

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Oracle Critical Patch Update Advisory - April 2021

2021-04-20 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.003 Low

EPSS

Percentile

65.2%

JSON

Related for RH:CVE-2020-1927