{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2020-1927", "ASSIGNER": "security@apache.org", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "Apache", "product": { "product_data": [ { "product_name": "Apache HTTP Server", "version": { "version_data": [ { "version_value": "2.4.0 to 2.4.41" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "mod_rewrite CWE-601 open redirect" } ] } ] }, "references": { "reference_data": [ { "refsource": "CONFIRM", "name": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "refsource": "MLIST", "name": "[oss-security] 20200403 Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect", "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" }, { "refsource": "MLIST", "name": "[oss-security] 20200403 Re: CVE-2020-1927: mod_rewrite configurations vulnerable to open redirect", "url": "http://www.openwall.com/lists/oss-security/2020/04/04/1" }, { "refsource": "MLIST", "name": "[httpd-dev] 20200404 Odd vulnerabilities_24.html output", "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201@%3Cdev.httpd.apache.org%3E" }, { "refsource": "MLIST", "name": "[httpd-dev] 20200404 Re: Odd vulnerabilities_24.html output", "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac@%3Cdev.httpd.apache.org%3E" }, { "refsource": "MLIST", "name": "[httpd-cvs] 20200411 svn commit: r1876405 - in /httpd/test/framework/trunk/t: conf/core.conf.in security/CVE-2020-1927.t", "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7@%3Ccvs.httpd.apache.org%3E" }, { "refsource": "MLIST", "name": "[httpd-cvs] 20200412 svn commit: r1876426 - /httpd/test/framework/trunk/t/security/CVE-2020-1927.t", "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e@%3Ccvs.httpd.apache.org%3E" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200413-0002/", "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0597", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL." } ] } }