A flaw was found in httpd before version 2.4.46. A specially crafted Cache-Digest header triggers a negative argument to memmove() that could lead to a crash and denial of service.

Upstream patch:
http://svn.apache.org/viewvc?view=revision&revision=1880396
https://github.com/icing/mod_h2/commit/b8a8c5061eada0ce3339b24ba1d587134552bc0c
Acknowledgments: Name: the Apache project
This vulnerability is out of security support scope for the following product:
* Red Hat JBoss Enterprise Web Server 2

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.
Created httpd tracking bugs for this issue: Affects: fedora-all [bug 1868146]
Statement: As per upstream this flaw only affects Apache HTTP Server versions 2.4.20 to 2.4.43. Therefore only httpd packages shipped with Red Hat Enterprise Linux 8 are affected.
External References: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
Mitigation: Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability.
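To check where the "H2Push off" mitigation is actually in effect, the sketch below audits an httpd configuration per scope. It is an added example, not part of the original bug comments or of httpd itself; the sample configuration and the function names are constructed, it does not follow Include directives, and it assumes a virtual host without its own H2Push inherits the server-level value.

```python
import re

# Constructed sample configuration, not taken from the advisory.
SAMPLE_CONF = """\
Protocols h2 http/1.1
<VirtualHost *:443>
    ServerName a.example
    H2Push off
</VirtualHost>
<VirtualHost *:443>
    ServerName b.example
</VirtualHost>
<VirtualHost *:8443>
    ServerName c.example
    h2push Off
</VirtualHost>
"""

def audit_h2push(conf_text):
    """Map each scope to True if HTTP/2 push is still enabled there."""
    server_push = True   # H2Push defaults to "on" when the directive is absent
    vhosts = []          # [name, explicit setting or None]
    current = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"<VirtualHost\s+([^>]+)>", line, re.I):
            current = [m.group(1).strip(), None]
            vhosts.append(current)
        elif re.match(r"</VirtualHost>", line, re.I):
            current = None
        elif (m := re.match(r"ServerName\s+(\S+)", line, re.I)) and current:
            current[0] = m.group(1)
        elif m := re.match(r"H2Push\s+(on|off)\s*$", line, re.I):
            enabled = m.group(1).lower() == "on"
            if current is None:
                server_push = enabled
            else:
                current[1] = enabled
    # Assumption: a vhost without its own H2Push inherits the server-level value.
    result = {"(server)": server_push}
    for name, setting in vhosts:
        result[name] = server_push if setting is None else setting
    return result

def unmitigated(conf_text):
    """Scopes where the 'H2Push off' mitigation is not in effect."""
    return sorted(k for k, v in audit_h2push(conf_text).items() if v)
```

On the sample, the server scope and b.example are reported because neither sets H2Push; adding a server-level "H2Push off" clears both.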
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3714 https://access.redhat.com/errata/RHSA-2020:3714
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-9490
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3726 https://access.redhat.com/errata/RHSA-2020:3726
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3734 https://access.redhat.com/errata/RHSA-2020:3734
This issue has been addressed in the following products:
* Red Hat Software Collections for Red Hat Enterprise Linux 7
* Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
* Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
* Red Hat Software Collections for Red Hat Enterprise Linux 6

Via RHSA-2020:3733 https://access.redhat.com/errata/RHSA-2020:3733