17 matches found
MiracleLinux 8 : httpd:2.4 (AXSA:2020-846:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-846:01 advisory. httpd: Push diary crash on specifically crafted HTTP/2 header CVE-2020-9490 Modularity name: httpd Stream name: 2.4 CVE-2020-9490 Apache HTTP Server versions...
SUSE CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Amazon Linux 2 : httpd (ALAS-2020-1490)
The version of httpd installed on the remote host is prior to 2.4.46-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1490 advisory. Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE A flaw was found in Apache httpd in...
EulerOS Virtualization for ARM 64 3.0.6.0 : httpd (EulerOS-SA-2020-2018)
According to the versions of the httpd packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCECVE-2020-11984 - Apache HTTP Server...
httpd: Push diary crash on specifically crafted HTTP/2 header
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...
httpd: Push diary crash on specifically crafted HTTP/2 header
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...
httpd: Push diary crash on specifically crafted HTTP/2 header
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...
httpd: Push diary crash on specifically crafted HTTP/2 header
A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...
Apache 2.4.x < 2.4.46 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities: - modproxyuwsgi info disclosure and possible remote code execution CVE-2020-11984 - When trace/debug was enabled for the HTTP/2 module and on...
BlockDev Sp. Z o.o: A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com
A specially crafted value for the 'Cache-Digest' header causing crash...
MGASA-2020-0327 Updated apache packages fix security vulnerability
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Apache 2.4.x < 2.4.46 Multiple Vulnerabilities
The version of Apache httpd installed on the remote host is prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.46 advisory. - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE CVE-2020-11984 - Apache HTTP Server versio...
Apache HTTP Server Environment Issues Vulnerabilities
Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...
ALPINE-CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
Design/Logic Flaw
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
UBUNTU-CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...
CVE-2020-9490
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...