CVE-2020-9490

Affects Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.

  • Published: Aug 7, 2020
  • Updated: Apr 14, 2023
  • CVE: CVE-2020-9490
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:N/A:P

CWEs:

Software From Fixed in
apache / http_server 2.4.20 2.4.46
oracle / instantis_enterprisetrack 17.1 17.1.x
oracle / instantis_enterprisetrack 17.2 17.2.x
oracle / instantis_enterprisetrack 17.3 17.3.x
oracle / hyperion_infrastructure_technology 11.1.2.4 11.1.2.4.x
oracle / enterprise_manager_ops_center 12.4.0.0 12.4.0.0.x
oracle / communications_session_route_manager 8.2.0 8.2.2.x
oracle / communications_session_report_manager 8.2.0 8.2.2.x
oracle / communications_element_manager 8.2.0 8.2.2.x
oracle / zfs_storage_appliance_kit 8.8 8.8.x
opensuse / leap 15.1 15.1.x
opensuse / leap 15.2 15.2.x
debian / debian_linux 10.0 10.0.x
fedoraproject / fedora 31 31.x
fedoraproject / fedora 32 32.x
canonical / ubuntu_linux 18.04 18.04.x
canonical / ubuntu_linux 20.04 20.04.x
canonical / ubuntu_linux 16.04 16.04.x
redhat / software_collections 1.0 1.0.x
redhat / enterprise_linux 8.0 8.0.x
redhat / enterprise_linux_eus 8.1 8.1.x
redhat / enterprise_linux_eus 8.2 8.2.x
redhat / enterprise_linux_server_tus 8.2 8.2.x
redhat / enterprise_linux_server_aus 8.2 8.2.x
redhat / openstack 16.1 16.1.x
redhat / enterprise_linux_server_tus 8.4 8.4.x
redhat / enterprise_linux_eus 8.4 8.4.x
redhat / enterprise_linux_server_aus 8.4 8.4.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.2 8.2.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.4 8.4.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.1 8.1.x
redhat / enterprise_linux_for_power_little_endian_eus 8.2 8.2.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.2 8.2.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.1 8.1.x
redhat / enterprise_linux_for_power_little_endian_eus 8.1 8.1.x
redhat / enterprise_linux_for_power_little_endian 8.0 8.0.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.4 8.4.x
redhat / enterprise_linux_for_ibm_z_systems 8.0 8.0.x
redhat / enterprise_linux_for_power_little_endian_eus 8.4 8.4.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.1 8.1.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.2 8.2.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.4 8.4.x
redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions 8.6 8.6.x
redhat / enterprise_linux_server_update_services_for_sap_solutions 8.6 8.6.x
redhat / enterprise_linux_for_ibm_z_systems_eus 8.6 8.6.x
redhat / enterprise_linux_server_aus 8.6 8.6.x
redhat / enterprise_linux_server_tus 8.6 8.6.x
redhat / enterprise_linux_eus 8.6 8.6.x
redhat / enterprise_linux_for_power_little_endian_eus 8.6 8.6.x
redhat / openstack_for_ibm_power 16.1 16.1.x