CVE-2019-10081

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

HTTP/2 (2.4.20 through 2.4.39) very early pushes, for example configured with "H2PushResource", could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client.

References

https://httpd.apache.org/security/vulnerabilities_24.html

https://www.debian.org/security/2019/dsa-4509

https://seclists.org/bugtraq/2019/Aug/47

https://usn.ubuntu.com/4113-1/

http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html

https://security.netapp.com/advisory/ntap-20190905-0003/

https://security.gentoo.org/glsa/201909-04

https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

https://support.f5.com/csp/article/K84341091?utm_source=f5support&utm_medium=RSS

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://www.oracle.com/security-alerts/cpuapr2020.html

https://www.oracle.com/security-alerts/cpujul2020.html

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2019-08-15

Updated: 2021-06-06

Type: CWE-787

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 2.4.20 to 2.4.39 (inclusive)

Configuration 2

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Tenable Plugins

View all (21 total)

IDNameProductFamilySeverity
145821CentOS 8 : httpd:2.4 (CESA-2020:4751)NessusCentOS Local Security Checks
critical
142762Oracle Linux 8 : httpd:2.4 (ELSA-2020-4751)NessusOracle Linux Local Security Checks
critical
142397RHEL 8 : httpd:2.4 (RHSA-2020:4751)NessusRed Hat Local Security Checks
critical
135235RHEL 6 / 7 : Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 (RHSA-2020:1337)NessusRed Hat Local Security Checks
critical
135160Slackware 14.0 / 14.1 / 14.2 / current : httpd (SSA:2020-091-02) (Internal Data Buffering)NessusSlackware Local Security Checks
critical
135146EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-1359)NessusHuawei Local Security Checks
critical
133989EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1155)NessusHuawei Local Security Checks
critical
130281Amazon Linux AMI : httpd24 (ALAS-2019-1311) (Internal Data Buffering)NessusAmazon Linux Local Security Checks
critical
130109Photon OS 1.0: Httpd PHSA-2019-1.0-0253NessusPhotonOS Local Security Checks
critical
130101Photon OS 3.0: Httpd PHSA-2019-3.0-0035NessusPhotonOS Local Security Checks
critical
129688Photon OS 2.0: Httpd PHSA-2019-2.0-0178NessusPhotonOS Local Security Checks
critical
128993Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server regression (USN-4113-2) (Internal Data Buffering)NessusUbuntu Local Security Checks
critical
128612SUSE SLES12 Security Update : apache2 (SUSE-SU-2019:2329-1) (Internal Data Buffering)NessusSuSE Local Security Checks
critical
128593GLSA-201909-04 : Apache: Multiple vulnerabilities (Internal Data Buffering)NessusGentoo Local Security Checks
critical
128460openSUSE Security Update : apache2 (openSUSE-2019-2051) (Internal Data Buffering)NessusSuSE Local Security Checks
critical
128412Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : Apache HTTP Server vulnerabilities (USN-4113-1) (Internal Data Buffering)NessusUbuntu Local Security Checks
critical
128316SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2019:2237-1) (Internal Data Buffering)NessusSuSE Local Security Checks
critical
128182Debian DSA-4509-1 : apache2 - security update (Internal Data Buffering)NessusDebian Local Security Checks
critical
98669Apache 2.4.x < 2.4.41 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
critical
128033Apache 2.4.x < 2.4.41 Multiple VulnerabilitiesNessusWeb Servers
critical
127951FreeBSD : Apache -- Multiple vulnerabilities (caf545f2-c0d9-11e9-9051-4c72b94353b5) (Internal Data Buffering)NessusFreeBSD Local Security Checks
critical