apache http-server CVE-2020-9490 vulnerability in Apache and Other Products
Published on August 7, 2020

product logo product logo product logo product logo product logo product logo product logo
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD


Products Associated with CVE-2020-9490

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-9490 are published in these products:

Apache HTTP Server
 
Oracle Instantis Enterprisetrack
 
Oracle Hyperion Infrastructure Technology
 
Oracle Enterprise Manager Ops Center
 
Oracle Communications Session Route Manager
 
Oracle Communications Session Report Manager
 
Oracle Communications Element Manager
 
Oracle Zfs Storage Appliance Kit
 
OpenSuse Leap
 
Debian Linux
 
Fedora Project Fedora
 
Canonical Ubuntu Linux
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Enterprise Linux Eus
 
Red Hat Enterprise Linux Server Tus
 
Red Hat Enterprise Linux Server Aus
 
Red Hat Openstack
 
Red Hat Enterprise Linux Server Update Services Sap Solutions
 
Red Hat Enterprise Linux Server Power Little Endian Update Services Sap Solutions
 
Red Hat Enterprise Linux Ibm Z Systems Eus
 
Red Hat Enterprise Linux Ibm Z Systems
 
Red Hat Enterprise Linux Power Little Endian Eus
 
Red Hat Enterprise Linux Power Little Endian
 
Red Hat Openstack For Ibm Power
 

Exploit Probability

EPSS
76.28%
Percentile
98.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.