Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-9490

Опубликовано: 07 авг. 2020
Источник: debian
EPSS Высокий

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
apache2fixed2.4.46-1package
apache2ignoredstretchpackage

Примечания

  • https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490

  • https://www.openwall.com/lists/oss-security/2020/08/07/4

  • https://svn.apache.org/r1880396

  • https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4

  • https://bugs.chromium.org/p/project-zero/issues/detail?id=2030

EPSS

Процентиль: 99%
0.76276
Высокий

Связанные уязвимости

ubuntu логотип

CVE-2020-9490

CVSS3: 7.5
ubuntu
больше 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

redhat логотип

CVE-2020-9490

CVSS3: 7.5
redhat
больше 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

nvd логотип

CVE-2020-9490

CVSS3: 7.5
nvd
больше 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

msrc логотип

CVE-2020-9490

CVSS3: 7.5
msrc
больше 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

github логотип

GHSA-f2jx-wr3j-25w5

CVSS3: 7.5
github
больше 3 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

EPSS

Процентиль: 99%
0.76276
Высокий