2 matches found
SUSE SLES12 Security Update : apache2 (SUSE-SU-2020:2450-1)
This update for apache2 fixes the following issues : CVE-2020-9490: Fixed a crash caused by a specially crafted value for the 'Cache-Digest' header in a HTTP/2 request bsc1175071. CVE-2020-11985: IP address spoofing when proxying using modremoteip and modrewrite bsc1175072. CVE-2020-11993: When...
Apache Httpd < 2.4.44 : Push Diary Crash on Specifically Crafted HTTP/2 Header
In Apache HTTP Server versions 2.4.20 to 2.4.43, when trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of modhttp2 above "info" will mitigate...