Problem Note 66129: The SAS® 9.4 Web Server is vulnerable to the issue that is described in CVE-2020-1927
Severity: Medium
Description: The SAS Web Server, which uses Apache HTTP Server 2.4.41 or earlier, is vulnerable to the issue that is described in CVE-2020-1927.
Potential Impact: An attacker might redirect users to an arbitrary URL.
Click the Hot Fix tab in this note to access the hot fix for this issue. This hot fix upgrades the Apache HTTP Server version to 2.4.43
Operating System and Release Information
SAS System | SAS Web Server | Microsoft® Windows® for x64 | 9.45 | | 9.4 TS1M6 | |
64-bit Enabled AIX | 9.45 | | 9.4 TS1M6 | |
64-bit Enabled Solaris | 9.45 | | 9.4 TS1M6 | |
HP-UX IPF | 9.45 | | 9.4 TS1M6 | |
Linux for x64 | 9.45 | | 9.4 TS1M6 | |
Solaris for x64 | 9.45 | | 9.4 TS1M6 | |
*
For software releases that are not yet generally available, the Fixed
Release is the software release in which the problem is planned to be
fixed.
Type: | Problem Note |
Priority: | high |
Date Modified: | 2020-06-29 10:07:13 |
Date Created: | 2020-06-15 10:07:18 |