First published: Fri Aug 07 2020(Updated: )
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
Credit: security@apache.org security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/apache2 | <2.4.29-1ubuntu4.14 | 2.4.29-1ubuntu4.14 |
ubuntu/apache2 | <2.4.41-4ubuntu3.1 | 2.4.41-4ubuntu3.1 |
ubuntu/apache2 | <2.4.44 | 2.4.44 |
>=2.4.20<2.4.46 | ||
>=8.2.0<=8.2.2 | ||
>=8.2.0<=8.2.2 | ||
>=8.2.0<=8.2.2 | ||
=12.4.0.0 | ||
=11.1.2.4 | ||
=17.1 | ||
=17.2 | ||
=17.3 | ||
=8.8 | ||
=15.1 | ||
=15.2 | ||
=10.0 | ||
=31 | ||
=32 | ||
=16.04 | ||
=18.04 | ||
=20.04 | ||
All of | ||
=1.0 | ||
Any of | ||
=6.0 | ||
=7.0 | ||
=7.6 | ||
=7.7 | ||
=16.1 | ||
=16.1 | ||
=8.0 | ||
=8.1 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
=8.0 | ||
=8.1 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
=8.0 | ||
=8.1 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
=8.1 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
=8.1 | ||
=8.2 | ||
=8.4 | ||
=8.6 | ||
Apache HTTP server | >=2.4.20<2.4.46 | |
Oracle Communications Element Manager | >=8.2.0<=8.2.2 | |
Oracle Communications Session Report Manager | >=8.2.0<=8.2.2 | |
Oracle Communications Session Route Manager | >=8.2.0<=8.2.2 | |
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle Hyperion Infrastructure Technology | =11.1.2.4 | |
Oracle Instantis Enterprisetrack | =17.1 | |
Oracle Instantis Enterprisetrack | =17.2 | |
Oracle Instantis Enterprisetrack | =17.3 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
openSUSE Leap | =15.1 | |
openSUSE Leap | =15.2 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =20.04 | |
Redhat Software Collections | =1.0 | |
Redhat Enterprise Linux | =6.0 | |
Redhat Enterprise Linux | =7.0 | |
Redhat Enterprise Linux | =7.6 | |
Redhat Enterprise Linux | =7.7 | |
Redhat Openstack | =16.1 | |
Redhat Openstack For Ibm Power | =16.1 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Eus | =8.6 | |
Redhat Enterprise Linux For Ibm Z Systems | =8.0 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.1 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.2 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.4 | |
Redhat Enterprise Linux For Ibm Z Systems Eus | =8.6 | |
Redhat Enterprise Linux For Power Little Endian | =8.0 | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.1 | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.2 | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.4 | |
Redhat Enterprise Linux For Power Little Endian Eus | =8.6 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Aus | =8.6 | |
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.1 | |
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.2 | |
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.4 | |
Redhat Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions | =8.6 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Server Tus | =8.6 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.1 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.2 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.4 | |
Redhat Enterprise Linux Server Update Services For Sap Solutions | =8.6 | |
debian/apache2 | 2.4.38-3+deb10u8 2.4.38-3+deb10u10 2.4.56-1~deb11u2 2.4.56-1~deb11u1 2.4.57-2 2.4.58-1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.