EXPLOIT LEAK

1. There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed.
2.  
3. Vulnerability Details
4. CVEID: CVE-2020-1927
5. DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
6. CVSS Base score: 7.4
7. CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178936 for the current score.
8. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
9.  
10. CVEID: CVE-2020-1934
11. DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
12. CVSS Base score: 8.1
13. CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178937 for the current score.
14. CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
15.  
16. Affected Website
17. IBM_HTTP_Server at lexus.acpt.b2c.toyota.ca Port 80
18. https://acpt.lexus.ca/lexus/en
19.  
20. #GhostSecCanada