A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. The highest threat from this vulnerability is to system availability.

References

bugzilla.redhat.com/show_bug.cgi?id=1866564

httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993

nvd.nist.gov/vuln/detail/CVE-2020-11993

www.cve.org/CVERecord?id=CVE-2020-11993

prion 1

alpinelinux 1

osv 5

zdt 1

debiancve 1

cve 1

veracode 1

cbl_mariner 1

httpd 1

ubuntucve 1

fedora 2

nessus 30

ibm 3

openvas 17

suse 3

photon 5

amazon 3

freebsd 1

f5 1

oraclelinux 1

mageia 1

fortinet 1

redhat 3

kaspersky 1

thn 1

rocky 1

almalinux 1

gentoo 1

attackerkb 2

rosalinux 1

debian 2

ubuntu 1

qualysblog 1

oracle 2

prion

Information disclosure

2020-08-07 16:15:00

alpinelinux

CVE-2020-11993

2020-08-07 16:15:00

osv

CVE-2020-11993

2020-08-07 16:15:11

BIT-apache-2020-11993

2024-03-06 10:57:38

Moderate: httpd:2.4 security, bug fix, and enhancement update

2021-05-18 06:08:34

zdt

Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability

2020-12-08 00:00:00

debiancve

CVE-2020-11993

2020-08-07 16:15:00

cve

CVE-2020-11993

2020-08-07 16:15:00

veracode

Denial Of Service (DoS)

2020-08-11 03:25:00

cbl_mariner

CVE-2020-11993 affecting package httpd 2.4.43-

2021-07-08 21:56:40

httpd

Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header

2020-06-16 00:00:00

ubuntucve

CVE-2020-11993

2020-08-07 00:00:00

fedora

[SECURITY] Fedora 32 Update: mod_http2-1.15.14-1.fc32

2020-08-21 01:11:28

[SECURITY] Fedora 31 Update: mod_http2-1.15.14-1.fc31

2020-08-26 14:41:04

nessus

Fedora 32 : mod_http2 (2020-8122a8daa2)

2020-08-21 00:00:00

Photon OS 1.0: Httpd PHSA-2020-1.0-0313

2020-08-20 00:00:00

Photon OS 3.0: Httpd PHSA-2020-3.0-0125

2020-08-15 00:00:00

ibm

Security Bulletin: Vulnerability in Apache HTTP (CVE-2018-17199 and CVE-2020-11993) affects HMC

2021-11-22 06:10:24

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect IBM i

2020-09-09 14:56:49

Security Bulletin: Rational Build Forge security advisory for Apache HTTP Server

2020-10-27 20:56:56

openvas

Apache HTTP Server 2.4.20 < 2.4.44 Multiple Vulnerabilities - Linux

2020-08-10 00:00:00

SUSE: Security Advisory (SUSE-SU-2020:3067-1)

2021-04-19 00:00:00

openSUSE: Security Advisory for apache2 (openSUSE-SU-2020:1792-1)

2020-11-03 00:00:00

suse

Security update for apache2 (important)

2020-10-31 00:00:00

Security update for apache2 (moderate)

2020-08-30 00:00:00

Security update for apache2 (moderate)

2020-08-29 00:00:00

photon

Critical Photon OS Security Update - PHSA-2020-0125

2020-08-12 00:00:00

Critical Photon OS Security Update - PHSA-2020-3.0-0125

2020-08-12 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0313

2020-08-18 00:00:00

amazon

Important: mod_http2

2020-09-15 17:44:00

Low: httpd24

2020-08-26 23:09:00

Important: httpd

2020-09-15 17:18:00

freebsd

Apache httpd -- Multiple vulnerabilities

2020-08-07 00:00:00

K67175700 : Apache vulnerabilities CVE-2020-9490, CVE-2020-11984, CVE-2020-11993

2020-08-30 00:00:00

oraclelinux

httpd:2.4 security, bug fix, and enhancement update

2021-05-25 00:00:00

mageia

Updated apache packages fix security vulnerability

2020-08-18 20:41:27

fortinet

Multiple Apache Vulnerabilties fixed in 2.4.46

2020-10-05 00:00:00

redhat

(RHSA-2021:1809) Moderate: httpd:2.4 security, bug fix, and enhancement update

2021-05-18 06:08:34

(RHSA-2020:4383) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update

2020-10-28 15:45:34

(RHSA-2020:4384) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP5 security update

2020-10-28 15:46:06

kaspersky

KLA12368 Multiple vulnerabilities in Apache HTTP Server

2020-08-07 00:00:00

thn

Google Researcher Reported 3 Flaws in Apache Web Server Software

2020-08-25 06:52:00

rocky

httpd:2.4 security, bug fix, and enhancement update

2021-05-18 06:08:34

almalinux

Moderate: httpd:2.4 security, bug fix, and enhancement update

2021-05-18 06:08:34

gentoo

Apache: Multiple vulnerabilities

2020-08-08 00:00:00

attackerkb

CVE-2020-9490

2020-08-07 00:00:00

CVE-2020-11984 — Multiple Vulnerabilities in Apache Web Server Could Allow for Remote Code Execution

2020-08-07 00:00:00

rosalinux

Advisory ROSA-SA-2023-2155

2023-04-18 12:09:43

debian

[SECURITY] [DSA 4757-1] apache2 security update

2020-08-31 15:10:58

[SECURITY] [DSA 4757-1] apache2 security update

2020-08-31 15:10:58

ubuntu

Apache HTTP Server vulnerabilities

2020-08-13 00:00:00

qualysblog

Mitigating the Risk of Zero-Day Vulnerabilities by using Compensating Controls

2022-08-23 10:46:04

oracle

Oracle Critical Patch Update Advisory - January 2021

2021-01-19 00:00:00

Oracle Critical Patch Update Advisory - October 2020

2020-10-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for RH:CVE-2020-11993