exploitDog

CVE-2020-9490

Published: 07 Aug 2020
Source: ubuntu
Priority: medium
EPSS: High
CVSS2: 5
CVSS3: 7.5

Description

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

| Release | Status | Note |
|---|---|---|
| bionic | released | 2.4.29-1ubuntu4.14 |
| devel | released | 2.4.46-1ubuntu1 |
| esm-infra-legacy/trusty | not-affected | code not present |
| esm-infra/bionic | released | 2.4.29-1ubuntu4.14 |
| esm-infra/focal | released | 2.4.41-4ubuntu3.1 |
| esm-infra/xenial | not-affected | code not present |
| focal | released | 2.4.41-4ubuntu3.1 |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected | code not present |

EPSS: 0.73669 (percentile: 99%, High)

CVSS2: 5 Medium

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
redhat
more than 5 years ago

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVSS3: 7.5
nvd
more than 5 years ago

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVSS3: 7.5
msrc
more than 5 years ago

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

CVSS3: 7.5
debian
more than 5 years ago

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...

CVSS3: 7.5
github
more than 3 years ago

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
