CVE-2020-11993

Опубликовано: 07 авг. 2020

Источник: ubuntu

Приоритет: medium

EPSS Средний

CVSS2: 4.3

CVSS3: 7.5

Описание

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Релиз	Статус	Примечание
bionic	released	2.4.29-1ubuntu4.14
devel	released	2.4.46-1ubuntu1
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	released	2.4.29-1ubuntu4.14
esm-infra/focal	released	2.4.41-4ubuntu3.1
esm-infra/xenial	not-affected	code not present
focal	released	2.4.41-4ubuntu3.1
precise/esm	not-affected	code not present
trusty	ignored	end of standard support
trusty/esm	not-affected	code not present

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%

0.38847

Средний

4.3 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2020-11993

CVSS3: 7.5

redhat

больше 5 лет назад

CVE-2020-11993

CVSS3: 7.5

nvd

больше 5 лет назад

CVE-2020-11993

CVSS3: 7.5

msrc

больше 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns logging statements were made on the wrong connection causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

CVE-2020-11993

CVSS3: 7.5

debian

больше 5 лет назад

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...

GHSA-89mq-r3q6-9q3q

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 97%

0.38847

Средний

4.3 Medium

CVSS2

7.5 High

CVSS3

CVE-2020-11993

Описание

Пакет apache2

Ссылки на источники

Связанные уязвимости