Apache - Memory Corruption (CVE-2020-9490)
- CVSSv3 Score
- Vulnerability description
Apache server is affected by a memory corruption vulnerability. A specially crafted value for the
Cache-Digestheader in a HTTP/2 request would result in a crash when the server actually tries to HTTP PUSH a resource afterwards.
- Risk description
The risk exists that a remote unauthenticated attacker can disable, shut down or disrupt the Apache server.
Configure the HTTP/2 feature via "H2Push off" to mitigate this vulnerability. Also, upgrade the Apache server to the latest version.
- Not available