Apache HTTP Server Multiple Vulnerabilities (Linux)

Technical Details

Severity Level:

High Severity

CVSS Score:

7.8

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

Summary:
Apache HTTP server is prone to multiple vulnerabilities.

Technical Details:
Apache HTTP server is prone to multiple vulnerabilities: - A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. (CVE-2019-9517) - HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)

Detection Method:
Checks if a vulnerable version is present on the target host.

Affected Versions:
Apache HTTP server version 2.4.20 to 2.4.39.

Recommendations:
Update to version 2.4.41 or later.

Family:

Web Servers

Creation Time:

2019-10-18 13:37:30

Modification Time:

2019-10-18 14:24:52

Find and Fix this Vulnerability:

Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition

NVD CVE ID:
CVE-2019-9517
CVE-2019-10081

Don't pay for a vulnerability scanning and management platform. This one is free.

Mageni provides a free vulnerability scanning and management platform which helps you need to find, prioritize, remediate and manage your vulnerabilities.