Lucene search
K

50 matches found

RedHat Linux
RedHat Linux
added 2020/09/10 1:10 p.m.3 views

httpd: Push diary crash on specifically crafted HTTP/2 header

A flaw was found in Apache httpd in versions prior to 2.4.46. A specially crafted Cache-Digest header triggers negative argument to memmove that could lead to a crash and denial of service. The highest threat from this vulnerability is to system availability...

7.5CVSS7.1AI score0.89744EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2020/09/09 12:0 a.m.72 views

Apache 2.4.x < 2.4.46 Multiple Vulnerabilities

According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities: - modproxyuwsgi info disclosure and possible remote code execution CVE-2020-11984 - When trace/debug was enabled for the HTTP/2 module and on...

9.8CVSS9.4AI score0.90039EPSS
Exploits4References5
Hacker One
Hacker One
added 2020/09/02 8:58 a.m.54 views

BlockDev Sp. Z o.o: A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com

A specially crafted value for the 'Cache-Digest' header causing crash...

5CVSS1.4AI score0.89744EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/08/31 12:0 a.m.51 views

Amazon Linux AMI : httpd24 (ALAS-2020-1418)

The version of httpd24 installed on the remote host is prior to 2.4.46-1.90. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1418 advisory. 2024-10-09: CVE-2020-11984 was removed from this advisory. 2024-10-09: CVE-2020-9490 was removed from this advisory. 2024-10-09:...

9.8CVSS6.8AI score0.90039EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2020/08/28 12:0 a.m.53 views

EulerOS 2.0 SP8 : httpd (EulerOS-SA-2020-1854)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging...

9.8CVSS6.8AI score0.90039EPSS
Exploits4References4
The Hacker News
The Hacker News
added 2020/08/25 6:52 a.m.163 views

Google Researcher Reported 3 Flaws in Apache Web Server Software

If your web-server runs on Apache, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the...

9.8CVSS1.9AI score0.90039EPSS
Exploits4
OSV
OSV
added 2020/08/24 6:15 p.m.3 views

DEBIAN-CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

7.5CVSS6.9AI score0.05162EPSS
Exploits0References1
NVD
NVD
added 2020/08/24 6:15 p.m.18 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS8.3AI score0.05162EPSS
Exploits0References14
OSV
OSV
added 2020/08/24 6:15 p.m.33 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

7.5CVSS6.5AI score
Exploits0References14
UbuntuCve
UbuntuCve
added 2020/08/24 6:15 p.m.32 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS6.8AI score0.05162EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2020/08/24 6:15 p.m.9 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS5.4AI score0.05162EPSS
Exploits0References21
Cvelist
Cvelist
added 2020/08/24 5:6 p.m.29 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS7.8AI score0.05162EPSS
Exploits0References14
CVE
CVE
added 2020/08/24 5:6 p.m.499 views

CVE-2020-24606

Squid vulnerability CVE-2020-24606 affects Squid 4.13 and 5.x prior to 5.0.4, where a trusted peer can cause a Denial of Service by exhausting CPU cycles while handling a crafted Cache Digest response. Root cause: peerDigestHandleReply() livelock due to EOF mishandling in peer_digest.cc. Impact i...

8.6CVSS7.3AI score0.05162EPSS
Exploits0References14Affected Software1
Debian CVE
Debian CVE
added 2020/08/24 5:6 p.m.32 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS7.1AI score0.05162EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2020/08/24 5:6 p.m.39 views

CVE-2020-24606

Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cachepeer is used with the cache digests feature. The problem exists because...

8.6CVSS7.5AI score0.05162EPSS
Exploits0
OSV
OSV
added 2020/08/18 5:41 p.m.33 views

MGASA-2020-0327 Updated apache packages fix security vulnerability

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

9.8CVSS9AI score0.90039EPSS
Exploits4References4
Microsoft CVE
Microsoft CVE
added 2020/08/18 7:0 a.m.5 views

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

...

7.5CVSS7AI score0.89744EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/08/13 12:0 a.m.4128 views

Apache 2.4.x < 2.4.46 Multiple Vulnerabilities

The version of Apache httpd installed on the remote host is prior to 2.4.46. It is, therefore, affected by multiple vulnerabilities as referenced in the 2.4.46 advisory. - Apache HTTP server 2.4.32 to 2.4.44 modproxyuwsgi info disclosure and possible RCE CVE-2020-11984 - Apache HTTP Server versio...

9.8CVSS6.8AI score0.90039EPSS
Exploits4References3
CNVD
CNVD
added 2020/08/11 12:0 a.m.37 views

Apache HTTP Server Environment Issues Vulnerabilities

Apache HTTP Server is the United States Apache Software Apache Software Foundation of an open source web server . The server is fast, reliable and can be expanded through a simple API. A security vulnerability exists in Apache HTTP Server versions 2.4.20 through 2.4.43, which can be exploited by ...

7.5CVSS8.4AI score0.89744EPSS
Exploits0References1
NVD
NVD
added 2020/08/07 4:15 p.m.30 views

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

7.5CVSS8.4AI score0.89744EPSS
Exploits0References29
Rows per page
Query Builder