Apache - Memory Corruption (CVE-2020-9490)

Severity
CVSSv3 Score: 7.5
CVE: CVE-2020-9490

Vulnerability description

Apache server is affected by a memory corruption vulnerability. A specially crafted value for the Cache-Digest header in a HTTP/2 request would result in a crash when the server actually tries to HTTP PUSH a resource afterwards.

Risk description

The risk exists that a remote unauthenticated attacker can disable, shut down or disrupt the Apache server.

Recommendation

Configure the HTTP/2 feature via "H2Push off" to mitigate this vulnerability. Also, upgrade the Apache server to the latest version.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-9490

https://httpd.apache.org/security/vulnerabilities_24.html

Codename

Detectable with: Network Scanner
Exploitable with Sniper: No
Vuln date: Aug 2020
Published at: Aug 2022
Updated at: Aug 2022
Software Type: Web server
Vendor: Apache
Product: Server