Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-11993

Опубликовано: 07 авг. 2020
Источник: debian

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.46-1package
apache2ignoredstretchpackage

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993

  • https://www.openwall.com/lists/oss-security/2020/08/07/3

  • https://svn.apache.org/r1879642

  • https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c

Связанные уязвимости

ubuntu логотип

CVE-2020-11993

CVSS3: 7.5
ubuntu
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

redhat логотип

CVE-2020-11993

CVSS3: 7.5
redhat
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

nvd логотип

CVE-2020-11993

CVSS3: 7.5
nvd
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

msrc логотип

CVE-2020-11993

CVSS3: 7.5
msrc
почти 5 лет назад

Описание отсутствует

github логотип

GHSA-89mq-r3q6-9q3q

CVSS3: 7.5
github
около 3 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.