What is CVE-2020-11993?

CVE-2020-11993 is a vulnerability in Apache Http Server. Published 2020-08-07.

Is CVE-2020-11993 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Http Server

CVE-2020-11993

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring…

EPSS: 0.587 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Http Server — versions 2.4.20 to 2.4.43

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
GLSA-202008-04 (vendor-advisory, x_refsource_GENTOO)
[httpd-dev] 20200808 Security announcements for CVE-2020-9490/CVE-2020-11993 ? (mailing-list, x_refsource_MLIST)
[httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities? (mailing-list, x_refsource_MLIST)
[httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities? (mailing-list, x_refsource_MLIST)
USN-4458-1 (vendor-advisory, x_refsource_UBUNTU)
FEDORA-2020-8122a8daa2 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-b58dc5df38 (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2020:1285 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1293 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2020-11993?: CVE-2020-11993 is a vulnerability in Apache Http Server. Published 2020-08-07.
Is CVE-2020-11993 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.