CVE-2020-9490

MEDIUM

Description

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html

http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Cdev.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.fedoraproject.org/archives/list/[email protected]/message/4NKWG2EXAQQB6LMLATKZ7KLSRGCSHVAN/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ITVFDBVM6E3JF3O7RYLRPRCH3RDRHJJY/

https://security.gentoo.org/glsa/202008-04

https://security.netapp.com/advisory/ntap-20200814-0005/

https://usn.ubuntu.com/4458-1/

https://www.debian.org/security/2020/dsa-4757

https://www.oracle.com/security-alerts/cpujan2021.html

https://www.oracle.com/security-alerts/cpuoct2020.html

Details

Source: MITRE

Published: 2020-08-07

Updated: 2021-04-07

Type: CWE-444

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Tenable Plugins

View all (30 total)

IDNameProductFamilySeverity
147691EulerOS Virtualization 2.9.0 : httpd (EulerOS-SA-2021-1663)NessusHuawei Local Security Checks
medium
147602EulerOS Virtualization 2.9.1 : httpd (EulerOS-SA-2021-1602)NessusHuawei Local Security Checks
high
145811CentOS 8 : httpd:2.4 (CESA-2020:3714)NessusCentOS Local Security Checks
medium
143613SUSE SLES15 Security Update : apache2 (SUSE-SU-2020:3067-1)NessusSuSE Local Security Checks
medium
143158Amazon Linux 2 : httpd (ALAS-2020-1490)NessusAmazon Linux Local Security Checks
high
142207openSUSE Security Update : apache2 (openSUSE-2020-1792)NessusSuSE Local Security Checks
medium
141337EulerOS 2.0 SP9 : httpd (EulerOS-SA-2020-2165)NessusHuawei Local Security Checks
medium
141330EulerOS 2.0 SP9 : httpd (EulerOS-SA-2020-2175)NessusHuawei Local Security Checks
medium
140966EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-2018)NessusHuawei Local Security Checks
high
140635Amazon Linux 2 : mod_http2 (ALAS-2020-1493)NessusAmazon Linux Local Security Checks
medium
140581RHEL 8 : httpd:2.4 (RHSA-2020:3734)NessusRed Hat Local Security Checks
medium
140525Oracle Linux 8 : httpd:2.4 (ELSA-2020-3714)NessusOracle Linux Local Security Checks
medium
140523RHEL 8 : httpd:2.4 (RHSA-2020:3726)NessusRed Hat Local Security Checks
medium
140492RHEL 8 : httpd:2.4 (RHSA-2020:3714)NessusRed Hat Local Security Checks
medium
112580Apache 2.4.x < 2.4.46 Multiple VulnerabilitiesWeb Application ScanningComponent Vulnerability
high
140252SUSE SLES12 Security Update : apache2 (SUSE-SU-2020:2450-1)NessusSuSE Local Security Checks
medium
140104Debian DSA-4757-1 : apache2 - security updateNessusDebian Local Security Checks
high
140086Amazon Linux AMI : httpd24 (ALAS-2020-1418)NessusAmazon Linux Local Security Checks
high
140078openSUSE Security Update : apache2 (openSUSE-2020-1293)NessusSuSE Local Security Checks
high
140076openSUSE Security Update : apache2 (openSUSE-2020-1285)NessusSuSE Local Security Checks
high
139957EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1854)NessusHuawei Local Security Checks
high
139906SUSE SLES15 Security Update : apache2 (SUSE-SU-2020:2344-1)NessusSuSE Local Security Checks
high
139884Fedora 31 : mod_http2 (2020-b58dc5df38)NessusFedora Local Security Checks
medium
139844SUSE SLED15 / SLES15 Security Update : apache2 (SUSE-SU-2020:2311-1)NessusSuSE Local Security Checks
high
139736Fedora 32 : mod_http2 (2020-8122a8daa2)NessusFedora Local Security Checks
medium
139609Photon OS 2.0: Httpd PHSA-2020-2.0-0272NessusPhotonOS Local Security Checks
high
139596Ubuntu 16.04 LTS / 18.04 LTS / 20.04 : Apache HTTP Server vulnerabilities (USN-4458-1)NessusUbuntu Local Security Checks
high
139574Apache 2.4.x < 2.4.46 Multiple VulnerabilitiesNessusWeb Servers
high
139439GLSA-202008-04 : Apache: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
139436FreeBSD : Apache httpd -- Multiple vulnerabilities (76700d2f-d959-11ea-b53c-d4c9ef517024)NessusFreeBSD Local Security Checks
high