Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-1927

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

Related bugs and status

CVE-2020-1927 (Candidate) is related to these bugs:

Bug #1565744: "Mutex file:${APACHE_LOCK_DIR} default" should be disabled by default on Linux because it leads to errors

Summary				In	Importance	Status
	1565744	"Mutex file:${APACHE_LOCK_DIR} default" should be disabled by default on Linux because it leads to errors		apache2 (Ubuntu)	Undecided	Fix Released
	1565744	"Mutex file:${APACHE_LOCK_DIR} default" should be disabled by default on Linux because it leads to errors		apache2 (Ubuntu Xenial)	Low	Fix Released

Bug #1870818: apache2 security fix in 2.4.43

Summary				In	Importance	Status
	1870818	apache2 security fix in 2.4.43		apache2 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://httpd.apache.o...
MLIST: [oss-security] 2020040...
MLIST: [httpd-dev] 20200404 O...
MLIST: [httpd-dev] 20200404 R...
MLIST: [oss-security] 2020040...
MLIST: [httpd-cvs] 20200411 s...
CONFIRM: https://security.netap...
MLIST: [httpd-cvs] 20200412 s...
SUSE: openSUSE-SU-2020:0597
MISC: https://www.oracle.com...
UBUNTU: USN-4458-1
DEBIAN: DSA-4757
FEDORA: FEDORA-2020-189a1e6c3e
FEDORA: FEDORA-2020-0d3d3f5072
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210330 s...
MLIST: [httpd-cvs] 20210606 s...
MISC: https://www.oracle.com...
MLIST: [debian-lts-announce] ...
MISC: https://www.oracle.com...