Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- There are multiple vulnerabilities in the IBM HTTP Server used by WebSphere Application Server. This has been addressed.
- Vulnerability Details
- CVEID: CVE-2020-1927
- DESCRIPTION: Apache HTTP Server could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in the mod_rewrite module. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
- CVSS Base score: 7.4
- CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178936 for the current score.
- CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N)
- CVEID: CVE-2020-1934
- DESCRIPTION: Apache HTTP Server could allow a remote attacker to execute arbitrary code on the system, caused by the use of uninitialized value in mod_proxy_ftp. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
- CVSS Base score: 8.1
- CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/178937 for the current score.
- CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
- Affected Website
- IBM_HTTP_Server at lexus.acpt.b2c.toyota.ca Port 80
- https://acpt.lexus.ca/lexus/en
- #GhostSecCanada
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement