From d25463d4e4a3f8230d09bdd77ee32886909f1e40 Mon Sep 17 00:00:00 2001 From: CVE Team Date: Thu, 2 Apr 2020 00:01:22 +0000 Subject: [PATCH] "-Synchronized-Data." --- 2020/1xxx/CVE-2020-1927.json | 50 +++++++++++++++++++++++++++++++++--- 2020/1xxx/CVE-2020-1958.json | 15 +++++++++++ 2 files changed, 62 insertions(+), 3 deletions(-) diff --git a/2020/1xxx/CVE-2020-1927.json b/2020/1xxx/CVE-2020-1927.json index 4f3a3c40a2e..3f66c85f2a6 100644 --- a/2020/1xxx/CVE-2020-1927.json +++ b/2020/1xxx/CVE-2020-1927.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1927", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "security@apache.org", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Apache", + "product": { + "product_data": [ + { + "product_name": "Apache HTTP Server", + "version": { + "version_data": [ + { + "version_value": "2.4.0 to 2.4.41" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "mod_rewrite CWE-601 open redirect" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://httpd.apache.org/security/vulnerabilities_24.html", + "url": "https://httpd.apache.org/security/vulnerabilities_24.html" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL." } ] } diff --git a/2020/1xxx/CVE-2020-1958.json b/2020/1xxx/CVE-2020-1958.json index 62155495b9f..ebe05a86e65 100644 --- a/2020/1xxx/CVE-2020-1958.json +++ b/2020/1xxx/CVE-2020-1958.json @@ -53,6 +53,21 @@ "refsource": "MLIST", "name": "[druid-commits] 20200401 [GitHub] [druid] lgtm-com[bot] commented on issue #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability", "url": "https://lists.apache.org/thread.html/r1526dbce98a138629a41daa06c13393146ddcaf8f9d273cc49d57681@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200401 [druid] branch master updated: Fix for [CVE-2020-1958]: Apache Druid LDAP injection vulnerability (#9600)", + "url": "https://lists.apache.org/thread.html/rffabc9e83cc2831bbee5db32b3965b84b09346a26ebc1012db63d28c@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[druid-commits] 20200401 [GitHub] [druid] jihoonson merged pull request #9600: Fix for [CVE-2020-1958] Apache Druid LDAP injection vulnerability", + "url": "https://lists.apache.org/thread.html/r1c32c95543d44559b8d7fd89b0a85f728c80e8b715685bbf788a15a4@%3Ccommits.druid.apache.org%3E" + }, + { + "refsource": "MLIST", + "name": "[announce] 20200401 [CVE-2020-1958]: Apache Druid LDAP injection vulnerability", + "url": "https://lists.apache.org/thread.html/rf70876ecafb45b314eff9d040c5281c4adb0cb7771eb029448cfb79b@%3Cannounce.apache.org%3E" } ] },