Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-11993

Опубликовано: 07 авг. 2020
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 4.3
CVSS3: 7.5

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

РелизСтатусПримечание
bionic

released

2.4.29-1ubuntu4.14
devel

released

2.4.46-1ubuntu1
esm-infra-legacy/trusty

not-affected

code not present
esm-infra/bionic

not-affected

2.4.29-1ubuntu4.14
esm-infra/focal

not-affected

2.4.41-4ubuntu3.1
esm-infra/xenial

not-affected

code not present
focal

released

2.4.41-4ubuntu3.1
precise/esm

not-affected

code not present
trusty

ignored

end of standard support
trusty/esm

not-affected

code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%
0.38847
Средний

4.3 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-11993

CVSS3: 7.5
redhat
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

nvd логотип

CVE-2020-11993

CVSS3: 7.5
nvd
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

msrc логотип

CVE-2020-11993

CVSS3: 7.5
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-11993

CVSS3: 7.5
debian
почти 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...

github логотип

GHSA-89mq-r3q6-9q3q

CVSS3: 7.5
github
около 3 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

EPSS

Процентиль: 97%
0.38847
Средний

4.3 Medium

CVSS2

7.5 High

CVSS3

Уязвимость CVE-2020-11993