Problem Note 66129: The SAS® 9.4 Web Server is vulnerable to the issue that is described in CVE-2020-1927
 |  |  |  |  |
Severity: Medium
Description: The SAS Web Server, which uses Apache HTTP Server 2.4.41 or earlier, is vulnerable to the issue that is described in CVE-2020-1927.
Potential Impact: An attacker might redirect users to an arbitrary URL.
Click the Hot Fix tab in this note to access the hot fix for this issue. This hot fix upgrades the Apache HTTP Server version to 2.4.43
Operating System and Release Information
| Product Family | Product | System | Product Release | SAS Release | ||
| Reported | Fixed* | Reported | Fixed* | |||
| SAS System | SAS Web Server | Microsoft® Windows® for x64 | 9.45 | 9.4 TS1M6 | ||
| 64-bit Enabled AIX | 9.45 | 9.4 TS1M6 | ||||
| 64-bit Enabled Solaris | 9.45 | 9.4 TS1M6 | ||||
| HP-UX IPF | 9.45 | 9.4 TS1M6 | ||||
| Linux for x64 | 9.45 | 9.4 TS1M6 | ||||
| Solaris for x64 | 9.45 | 9.4 TS1M6 | ||||
A fix for this issue for SAS Web Server 9.45 is available at:
https://tshf.sas.com/techsup/download/hotfix/HF2/E8D.html#66129| Type: | Problem Note |
| Priority: | high |
| Date Modified: | 2020-06-29 10:07:13 |
| Date Created: | 2020-06-15 10:07:18 |