
Apache - Memory Corruption (CVE-2020-9490)

Severity
CVSSv3 Score: 7.5
Vulnerability description

The Apache server is affected by a memory corruption vulnerability. A specially crafted value for the Cache-Digest header in an HTTP/2 request results in a crash when the server subsequently tries to HTTP/2 PUSH a resource.

Risk description

A remote unauthenticated attacker can disable, shut down or disrupt the Apache server.

Recommendation

Configure the HTTP/2 feature via "H2Push off" to mitigate this vulnerability. Also, upgrade the Apache server to the latest version.
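
To confirm the "H2Push off" mitigation is actually in effect, the following added example (not part of the original advisory or of Apache's own tooling) lists every server scope where HTTP/2 is enabled while push is still on. The function name audit_h2push and the sample configuration are constructed for illustration; the check assumes a single config text, does not follow Include directives, and ignores H2Push set at directory or .htaccess level.

```python
import re

# Constructed sample config (not from the advisory): HTTP/2 is enabled
# globally and push is disabled in only one virtual host.
SAMPLE_CONF = """\
Protocols h2 http/1.1
# H2Push off   <- commented out, so the default (on) applies
<VirtualHost *:443>
    h2push OFF
</VirtualHost>
<VirtualHost *:443>
</VirtualHost>
<VirtualHost *:80>
    Protocols http/1.1
</VirtualHost>
"""

def audit_h2push(conf_text):
    """Return the scopes where HTTP/2 is enabled and H2Push is not off."""
    scopes = {"global": {}}          # scope name -> directives set there
    current = "global"
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if m:
            current = f"vhost#{len(scopes)} {m.group(1).strip()}"
            scopes[current] = {}
        elif re.match(r"</VirtualHost>", line, re.I):
            current = "global"
        else:
            parts = line.split()
            name = parts[0].lower()  # directive names are case-insensitive
            if name in ("protocols", "h2push"):
                scopes[current][name] = [p.lower() for p in parts[1:]]
    base = scopes["global"]
    exposed = []
    for scope, own in scopes.items():
        # A vhost inherits the global value; defaults: http/1.1, push on.
        protocols = own.get("protocols") or base.get("protocols") or ["http/1.1"]
        push = own.get("h2push") or base.get("h2push") or ["on"]
        if {"h2", "h2c"} & set(protocols) and push[0] != "off":
            exposed.append(scope)
    return exposed

if __name__ == "__main__":
    for scope in audit_h2push(SAMPLE_CONF):
        print("HTTP/2 enabled with H2Push on:", scope)
```

A scope reported here still relies on the upgrade for protection; an empty result means the push mitigation covers every scope the text defines.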

Codename: Not available
Detectable with: Network Scanner
Exploitable with Sniper: No
Vuln date: Aug 2020
Published at:
Updated at:
Software Type: Web server
Vendor: Apache
Product: Server