Rewterz Threat Advisory – CVE-2020-6554 – Google Chrome code execution
August 11, 2020Rewterz Threat Advisory – CVE-2020-11985 – Apache HTTP Server spoofing
August 11, 2020Rewterz Threat Advisory – CVE-2020-6554 – Google Chrome code execution
August 11, 2020Rewterz Threat Advisory – CVE-2020-11985 – Apache HTTP Server spoofing
August 11, 2020Severity
Medium
Analysis Summary
Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when the server tries to HTTP/2 PUSH a resource afterwards. By using a specially-crafted value for the “Cache-Digest” header, a remote attacker could exploit this vulnerability to cause the application to crash.
Impact
Denial of Service
Affected Vendors
Apache
Affected Products
Apache HTTP Server
Remediation
Upgrade to the latest version of Apache HTTP Server (2.4.44 or later).