
Apache - Memory Corruption (CVE-2020-9490)

Severity
CVSSv3 Score: 7.5
Exploitable with Sniper: No
Vulnerability description

The Apache server is affected by a memory corruption vulnerability. A specially crafted value for the Cache-Digest header in an HTTP/2 request results in a crash when the server afterwards tries to HTTP/2 PUSH a resource.

Risk description

A remote unauthenticated attacker can disable, shut down or disrupt the Apache server.

Recommendation

Set "H2Push off" in the HTTP/2 configuration to mitigate this vulnerability. Also, upgrade the Apache server to the latest version.
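
One way to check that the "H2Push off" mitigation is actually in effect, as an added example that is not part of the original page: a small audit that reads Apache configuration text and reports every scope where HTTP/2 is enabled while push is still on. The function name, scope labels and sample configuration are constructed for illustration; it assumes a single configuration text and does not follow Include directives or Directory/.htaccess scopes.

```python
import re

# Constructed sample configuration (not taken from the page).
SAMPLE_CONF = """\
Protocols h2 http/1.1
<VirtualHost *:443>
    ServerName a.example
    H2Push off
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example
</VirtualHost>
<VirtualHost *:80>
    ServerName c.example
    Protocols http/1.1
</VirtualHost>
"""

def audit_h2push(conf_text):
    """Map each scope to True when HTTP/2 is enabled and H2Push is not off."""
    # Apache defaults: Protocols http/1.1 (no HTTP/2), H2Push on.
    server = {"h2": False, "push": True}
    vhosts, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = {"name": opened.group(1).strip()}
            vhosts.append(current)
            continue
        if line.lower().startswith("</virtualhost"):
            current = None
            continue
        parts = line.split()
        key, args = parts[0].lower(), [a.lower() for a in parts[1:]]
        scope = server if current is None else current
        if key == "protocols":
            scope["h2"] = any(a in ("h2", "h2c") for a in args)
        elif key == "h2push" and args:
            scope["push"] = args[0] != "off"
        elif key == "servername" and current is not None and args:
            current["name"] = parts[1]
    findings = {"(server)": server["h2"] and server["push"]}
    for vhost in vhosts:
        merged = {**server, **vhost}  # vhost settings override inherited ones
        findings[vhost["name"]] = merged["h2"] and merged["push"]
    return findings
```

Calling audit_h2push(SAMPLE_CONF) flags the server scope and b.example, which inherit HTTP/2 with push left at its default, and clears a.example and c.example.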

Detectable with: Network Scanner
Vuln date: Aug 2020
Published at
Updated at
Software Type: Web server
Vendor: Apache
Product: Server
Codename: Not available