Vulnerability Details

Apache HTTP Server Multiple Vulnerabilities (Windows)

Published: 2019-10-18 13:43:41
CVE Author: NIST National Vulnerability Database

CVSS Base Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C

Detection Type:
Remote Banner

Solution Type:
Vendor Patch

Summary:
Apache HTTP server is prone to multiple vulnerabilities.

Technical Details:
Apache HTTP server is prone to multiple vulnerabilities:

- A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. (CVE-2019-9517)
- HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081)

Detection Method:
Checks if a vulnerable version is present on the target host.

Affected Versions:
Apache HTTP server version 2.4.20 to 2.4.39.

Recommendations:
Update to version 2.4.41 or later.
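
The remote banner check described under Detection Method can be sketched as follows. This is an added example, not the scanner's own code: the function names and the sample `Server` headers are constructed for illustration, and only the affected range comes from this page.

```python
import re

# Range taken from the "Affected Versions" field above.
AFFECTED_MIN = (2, 4, 20)
AFFECTED_MAX = (2, 4, 39)

# httpd's product token: "Apache" optionally followed by "/<version>".
# The lookahead rejects other products such as "Apache-Coyote/1.1".
_TOKEN_RE = re.compile(r"Apache(?:/(\d+(?:\.\d+)*))?(?=\s|$)")

def classify(server_header):
    """Return 'affected', 'not-affected', 'unknown' or 'not-apache'."""
    match = _TOKEN_RE.match((server_header or "").strip())
    if match is None:
        return "not-apache"
    parts = (match.group(1) or "").split(".")
    if len(parts) < 3:
        # Version hidden or truncated (e.g. ServerTokens Prod or Minor):
        # a banner check cannot decide, so report it instead of guessing.
        return "unknown"
    version = tuple(int(p) for p in parts[:3])
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "not-affected"

def triage(headers_by_host):
    """Map each host to its classification."""
    return {host: classify(h) for host, h in headers_by_host.items()}

# Constructed sample Server headers (hypothetical hosts).
SAMPLE = {
    "web01": "Apache/2.4.39 (Win64) OpenSSL/1.1.1c",
    "web02": "Apache/2.4.41 (Win64)",
    "web03": "Apache",
    "web04": "Apache/2.4",
    "app01": "Apache-Coyote/1.1",
    "web05": "Apache/2.4.20 (Win32)",
}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(f"{host}: {verdict}")
```

Hosts reported as `unknown` need a local check of the installed version, since the banner alone does not show whether they fall in the affected range.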

NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)

https://nvd.nist.gov/vuln/detail/CVE-2019-9517
https://nvd.nist.gov/vuln/detail/CVE-2019-10081

CVE Analysis

https://www.mageni.net/cve/CVE-2019-9517
https://www.mageni.net/cve/CVE-2019-10081

References:

https://httpd.apache.org/security/vulnerabilities_24.html

Severity: High
CVSS Score: 7.8
Published: 2019-10-18
Modified: 2019-10-18
Category: Web Servers
