CVE-2020-9490
07.08.2020, 16:15
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
| Vendor | Product | Version |
|---|---|---|
| apache | http_server | 2.4.20 ≤ 𝑥 < 2.4.46 |
| oracle | communications_element_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | communications_session_report_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | communications_session_route_manager | 8.2.0 ≤ 𝑥 ≤ 8.2.2 |
| oracle | enterprise_manager_ops_center | 12.4.0.0 |
| oracle | hyperion_infrastructure_technology | 11.1.2.4 |
| oracle | instantis_enterprisetrack | 17.1 |
| oracle | instantis_enterprisetrack | 17.2 |
| oracle | instantis_enterprisetrack | 17.3 |
| oracle | zfs_storage_appliance_kit | 8.8 |
| opensuse | leap | 15.1 |
| opensuse | leap | 15.2 |
| debian | debian_linux | 10.0 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 18.04 |
| canonical | ubuntu_linux | 20.04 |
| redhat | software_collections | 1.0 |
| redhat | openstack | 16.1 |
| redhat | openstack_for_ibm_power | 16.1 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux_eus | 8.1 |
| redhat | enterprise_linux_eus | 8.2 |
| redhat | enterprise_linux_eus | 8.4 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.1 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.2 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.4 |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6 |
| redhat | enterprise_linux_for_power_little_endian | 8.0 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.1 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.2 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.4 |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6 |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.1 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.2 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.4 |
| redhat | enterprise_linux_server_update_services_for_sap_solutions | 8.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
References