What is CVE-2020-9490?

CVE-2020-9490 is a vulnerability in Apache Http Server. Published 2020-08-07.

Is CVE-2020-9490 known to be exploited?

20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Http Server

CVE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 f…

EPSS: 0.763 (99.0th percentile) — read the EPSS interpretation.

Affected products

N/a Apache Http Server — versions 2.4.20 to 2.4.43

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (x_refsource_MISC)
GLSA-202008-04 (vendor-advisory, x_refsource_GENTOO)
[httpd-dev] 20200808 Security announcements for CVE-2020-9490/CVE-2020-11993 ? (mailing-list, x_refsource_MLIST)
[httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities? (mailing-list, x_refsource_MLIST)
[httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities? (mailing-list, x_refsource_MLIST)
USN-4458-1 (vendor-advisory, x_refsource_UBUNTU)
FEDORA-2020-8122a8daa2 (vendor-advisory, x_refsource_FEDORA)
FEDORA-2020-b58dc5df38 (vendor-advisory, x_refsource_FEDORA)
openSUSE-SU-2020:1285 (vendor-advisory, x_refsource_SUSE)
openSUSE-SU-2020:1293 (vendor-advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2020-9490?: CVE-2020-9490 is a vulnerability in Apache Http Server. Published 2020-08-07.
Is CVE-2020-9490 known to be exploited?: 20 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.