Apache HTTP Server Vulnerabilities Related to Version 2.4.44

IDs: 
CVE-2020-9490, CVE-2020-11984, CVE-2020-11993
Keywords: 
httpd, Apache
Description: 

The Apache HTTP Server version 2.4.44 fixes three vulnerabilities [1].

No action required for Airlock Gateway

Details

  • CVE-2020-9490: Push Diary Crash on Specifically Crafted HTTP/2 Header
    HTTP/2 server push is disabled and not supported by Airlock Gateway.
  • CVE-2020-11984: mod_proxy_uwsgi buffer overflow
    The affected module is not used.
  • CVE-2020-11993: Push Diary Crash on Specifically Crafted HTTP/2 Header
    The default log level used by Airlock Gateway for mod_http2 is not affected. Log levels above "info" for mod_http2 can be configured using Apache Expert Settings and should not be used for production deployments.
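
The three conditions above can be checked on a back-end Apache httpd older than 2.4.44 with a small configuration audit. This is an added example, not part of the advisory and not Airlock code; the function name, the sample configuration and the flat parsing (no Include or virtual-host resolution, modules detected only via LoadModule) are assumptions.

```python
import re

VERBOSE = re.compile(r"^(debug|trace[1-8])$", re.I)      # levels above "info"
HTTP2_NAMES = {"http2", "http2_module", "mod_http2.c"}   # LogLevel module specs

SAMPLE_CONF = """\
# constructed sample, not a real deployment
LoadModule http2_module modules/mod_http2.so
LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
Protocols h2 http/1.1
LogLevel warn http2:debug
"""

def audit_httpd_config(text):
    """Return {CVE id: True if the exposing condition is present}.

    Assumptions: one flat config text, last occurrence of a directive wins,
    statically compiled modules are not detected. httpd defaults are used
    when a directive is absent (H2Push on, LogLevel warn).
    """
    modules, h2push, global_level, http2_level = set(), "on", "warn", None
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):   # blank line or comment
            continue
        name, args = parts[0].lower(), parts[1:]
        if name == "loadmodule" and args:
            modules.add(args[0].lower())
        elif name == "h2push" and args:
            h2push = args[0].lower()
        elif name == "loglevel":
            for token in args:                      # "level" or "module:level"
                module, _, level = token.rpartition(":")
                if not module:
                    global_level = level.lower()
                elif module.lower() in HTTP2_NAMES:
                    http2_level = level.lower()
    http2_loaded = "http2_module" in modules
    effective = http2_level or global_level         # module level overrides global
    return {
        "CVE-2020-9490": http2_loaded and h2push != "off",
        "CVE-2020-11984": "proxy_uwsgi_module" in modules,
        "CVE-2020-11993": http2_loaded and bool(VERBOSE.match(effective)),
    }

if __name__ == "__main__":
    print(audit_httpd_config(SAMPLE_CONF))
```

A `True` entry means the configuration matches the condition the advisory rules out for Airlock Gateway; review it in the context of the virtual host it applies to.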
Resolution: 

No action is required.

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required