Date: Wed, 01 Apr 2020 07:54:12 -0500 From: Daniel Ruggeri <druggeri@...che.org> To: oss-security@...ts.openwall.com Subject: CVE-2020-1934: mod_proxy_ftp use of uninitialized value CVE-2020-1934: mod_proxy_ftp use of uninitialized value Severity: low Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.0-2.4.41 Description: Apache HTTP Server 2.4.0 to 2.4.41 mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Mitigation: Don't proxy to untrusted FTP servers prior to applying the fix. Credit: The issue was discovered by Chamal De Silva <chamal.desilva@...il.com> References: https://httpd.apache.org/security/vulnerabilities_24.html
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.