CVE-2020-11993 vulnerability in Apache and Other Products
Published on August 7, 2020

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Products Associated with CVE-2020-11993

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-11993 are published in these products:

Apache HTTP Server

NetApp Clustered Data Ontap

Oracle Hyperion Infrastructure Technology

Oracle Instantis Enterprisetrack

Canonical Ubuntu Linux

Debian Linux

Fedora Project Fedora

OpenSuse Leap

Oracle Communications Element Manager

Oracle Communications Session Report Manager

Oracle Communications Session Route Manager

Oracle Enterprise Manager Ops Center

Oracle Zfs Storage Appliance Kit

Exploit Probability

EPSS

38.85%

Percentile

97.15%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-11993 vulnerability in Apache and Other ProductsPublished on August 7, 2020

Products Associated with CVE-2020-11993

Exploit Probability

CVE-2020-11993 vulnerability in Apache and Other Products
Published on August 7, 2020