Vulnerability in Apache Http Server
CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE
EPSS: 0.763 (99.0th percentile) — read the EPSS interpretation.
Affected products
- N/a Apache Http Server — versions 2.4.32 to 2.4.44
Public proof-of-concept exploits
References
- httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (mailing-list, x_refsource_MLIST)
- GLSA-202008-04 (vendor-advisory, x_refsource_GENTOO)
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (mailing-list, x_refsource_MLIST)
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (mailing-list, x_refsource_MLIST)
- [oss-security] 20200808 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (mailing-list, x_refsource_MLIST)
- [oss-security] 20200810 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (mailing-list, x_refsource_MLIST)
- [httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities? (mailing-list, x_refsource_MLIST)
- [httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities? (mailing-list, x_refsource_MLIST)
- [oss-security] 20200817 Re: CVE-2020-11984: Apache httpd: mod_uwsgi buffer overlow (mailing-list, x_refsource_MLIST)
Frequently asked questions
- What is CVE-2020-11984?
- CVE-2020-11984 is a vulnerability in Apache Http Server. Published 2020-08-07.
- Is CVE-2020-11984 known to be exploited?
- 19 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.