Apache - Memory Corruption (CVE-2020-9490)
- Severity
- CVSSv3 Score
- 7.5
- Exploitable with Sniper
- No
- Vulnerability description
Apache server is affected by a memory corruption vulnerability. A specially crafted value for the
Cache-Digestheader in a HTTP/2 request would result in a crash when the server actually tries to HTTP PUSH a resource afterwards.- Risk description
The risk exists that a remote unauthenticated attacker can disable, shut down or disrupt the Apache server.
- Recommendation
Configure the HTTP/2 feature via "H2Push off" to mitigate this vulnerability. Also, upgrade the Apache server to the latest version.
- Detectable with
- Network Scanner
- Vuln date
- Aug 2020
- Published at
- Updated at
- Software Type
- Web server
- Vendor
- Apache
- Product
- Server
- Codename
- Not available