Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-11993

Опубликовано: 07 авг. 2020
Источник: nvd
CVSS3: 7.5
CVSS2: 4.3
EPSS Средний

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 2.4.20 (включая) до 2.4.44 (исключая)
Конфигурация 2
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 6

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Конфигурация 7

Одно из

cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.2 (включая)
cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.2 (включая)
cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*
Версия от 8.2.0 (включая) до 8.2.2 (включая)
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

EPSS

Процентиль: 97%
0.38847
Средний

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-444

Связанные уязвимости

ubuntu логотип

CVE-2020-11993

CVSS3: 7.5
ubuntu
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

redhat логотип

CVE-2020-11993

CVSS3: 7.5
redhat
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

msrc логотип

CVE-2020-11993

CVSS3: 7.5
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-11993

CVSS3: 7.5
debian
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...

github логотип

GHSA-89mq-r3q6-9q3q

CVSS3: 7.5
github
около 3 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

EPSS

Процентиль: 97%
0.38847
Средний

7.5 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-444