VuXML: Apache httpd -- Multiple vulnerabilities

VuXML ID	76700d2f-d959-11ea-b53c-d4c9ef517024
Discovery	2020-08-07
Entry	2020-08-08
Modified	2020-08-08

The Apache httpd projec reports:

mod_http2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-9490)
A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.

mod_proxy_uwsgi: Moderate: mod_proxy_uwsgi buffer overflow (CVE-2020-11984)
info disclosure and possible RCE

mod_http2: Moderate: Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-11993)
When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.

[source]

CVE Name	CVE-2020-11984
CVE Name	CVE-2020-11993
CVE Name	CVE-2020-9490
URL	https://downloads.apache.org/httpd/CHANGES_2.4.46
URL	https://httpd.apache.org/security/vulnerabilities_24.html

Apache httpd -- Multiple vulnerabilities

Details

References