Description
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.
Mitigation
This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including "h2" or "h2c" in the "Protocols" list in a configuration file. The following command can be used to search for possibly vulnerable configurations:
grep -R '^\s*Protocols\>.*\<h2\>' /etc/httpd/
See https://httpd.apache.org/docs/2.4/mod/mod_http2.html
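The check above relies on a single grep over /etc/httpd/. As an added example (not part of the advisory), the POSIX shell script below wraps the same idea in reusable functions: it reports only active, non-commented "Protocols" directives, matches "h2c" as well as "h2", and ignores tokens that merely begin with "h2". The configuration directory and the sample configuration files it writes are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the advisory: report every active (non-commented)
# "Protocols" directive that enables h2 or h2c under an httpd config directory.
# The default directory and the sample configuration below are assumptions.

# List matching directives as file:line:text. Commented-out lines are ignored
# because the pattern is anchored at the start of the line, and "h2c?" is
# followed by whitespace or end of line so "h2foo" does not match.
find_h2_protocols() {
    dir="${1:-/etc/httpd/}"
    grep -R -n -E \
        '^[[:space:]]*Protocols([[:space:]]+[^[:space:]]+)*[[:space:]]+h2c?([[:space:]]|$)' \
        "$dir" 2>/dev/null
}

# Print the number of active directives that enable HTTP/2 (0 when none).
count_h2_protocols() {
    find_h2_protocols "$1" | wc -l | tr -d ' '
}

# Exit status 0 when HTTP/2 is enabled anywhere under the directory, 1 otherwise.
h2_enabled() {
    find_h2_protocols "$1" >/dev/null
}

# Constructed sample configuration (an assumption, not a real deployment) so the
# check can be exercised offline. Two files enable HTTP/2, two do not.
make_sample_conf() {
    d=$(mktemp -d)
    printf '# Protocols h2 http/1.1\nProtocols http/1.1\n' > "$d/commented.conf"
    printf '<VirtualHost *:443>\n    Protocols h2 http/1.1\n</VirtualHost>\n' > "$d/ssl.conf"
    printf 'Protocols h2c http/1.1\n' > "$d/plain.conf"
    printf 'Protocols h2foo http/1.1\n' > "$d/nomatch.conf"
    echo "$d"
}

sample=$(make_sample_conf)
find_h2_protocols "$sample"
echo "HTTP/2-enabled directives: $(count_h2_protocols "$sample")"
rm -rf "$sample"
```

Run it against a real installation with find_h2_protocols /etc/httpd/ (or whichever directory holds the server's configuration); a non-zero count means the server negotiates HTTP/2 and the advisory applies if the installed httpd version is in the affected range.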
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | httpd | Not affected | ||
Red Hat Enterprise Linux 6 | httpd | Not affected | ||
Red Hat Enterprise Linux 7 | httpd | Not affected | ||
Red Hat JBoss Enterprise Web Server 2 | httpd | Out of support scope | ||
Red Hat JBoss Enterprise Web Server 2 | httpd22 | Out of support scope | ||
Red Hat JBoss Web Server 3 | httpd24 | Out of support scope | ||
Red Hat Software Collections | httpd24-httpd | Will not fix | ||
JBoss Core Services Apache HTTP Server 2.4.37 SP2 | httpd | Fixed | RHSA-2020:1336 | 06.04.2020 |
JBoss Core Services on RHEL 6 | jbcs-httpd24-apr | Fixed | RHSA-2020:1337 | 06.04.2020 |
JBoss Core Services on RHEL 6 | jbcs-httpd24-brotli | Fixed | RHSA-2020:1337 | 06.04.2020 |
Additional information
Status:
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.
A vulnerability in the HTTP/2 network protocol implementation of the Apache HTTP Server web server, related to an out-of-bounds memory read, allowing an attacker to cause a denial of service