OPENSUSE-SU-2020:0597-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 01 May 2020, 18:28
Last modified:07 May 2025, 18:11
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
01 May 2020, 18:28
Published
Vulnerability first disclosed
07 May 2025, 18:11
Last Modified
Vulnerability information updated
Description
Security update for apache2 This update for apache2 fixes the following issues: - CVE-2020-1934: mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server (bsc#1168404). - CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect (bsc#1168407). - CVE-2020-1938: mod_proxy_ajp: Add 'secret' parameter to proxy workers to implement legacy AJP13 authentication (bsc#1169066). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•apache2&distro=openSUSE Leap 15.1
< 2.4.33-lp151.8.12.1
References (7)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4PH4IMDFDAGXIZ542OBXWA3YM2WL2ZA5/
- https://bugzilla.suse.com/1168404
- https://bugzilla.suse.com/1168407
- https://bugzilla.suse.com/1169066
- https://www.suse.com/security/cve/CVE-2020-1927
- https://www.suse.com/security/cve/CVE-2020-1934
- https://www.suse.com/security/cve/CVE-2020-1938