Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
06 Jun 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-08-07 16:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-11993
Mitre link : CVE-2020-11993
CVE.ORG link : CVE-2020-11993
JSON object : View
Products Affected
oracle
- communications_element_manager
- communications_session_report_manager
- enterprise_manager_ops_center
- hyperion_infrastructure_technology
- zfs_storage_appliance_kit
- communications_session_route_manager
- instantis_enterprisetrack
debian
- debian_linux
netapp
- clustered_data_ontap
canonical
- ubuntu_linux
opensuse
- leap
apache
- http_server
fedoraproject
- fedora
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')