oss-sec mailing list archives
CVE-2020-1934: mod_proxy_ftp use of uninitialized value
From: Daniel Ruggeri <druggeri () apache org>
Date: Wed, 01 Apr 2020 07:54:12 -0500
CVE-2020-1934: mod_proxy_ftp use of uninitialized value Severity: low Vendor: The Apache Software Foundation Versions Affected: httpd 2.4.0-2.4.41 Description: Apache HTTP Server 2.4.0 to 2.4.41 mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server. Mitigation: Don't proxy to untrusted FTP servers prior to applying the fix. Credit: The issue was discovered by Chamal De Silva <chamal.desilva () gmail com> References: https://httpd.apache.org/security/vulnerabilities_24.html
Current thread:
- CVE-2020-1934: mod_proxy_ftp use of uninitialized value Daniel Ruggeri (Apr 01)