Test ID:	1.3.6.1.4.1.25623.1.0.114148
Category:	Web Servers
Title:	Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities - Windows
Summary:	Apache HTTP Server is prone to multiple vulnerabilities.
Description:	Summary: Apache HTTP Server is prone to multiple vulnerabilities. Vulnerability Insight: Apache HTTP server is prone to multiple vulnerabilities: - A malicious client could perform a DoS attack by flooding a connection with requests and basically never reading responses on the TCP connection. Depending on h2 worker dimensioning, it was possible to block those with relatively few connections. (CVE-2019-9517) - HTTP/2 very early pushes, for example configured with 'H2PushResource', could lead to an overwrite of memory in the pushing request's pool, leading to crashes. The memory copied is that of the configured push link header values, not data supplied by the client. (CVE-2019-10081) Affected Software/OS: Apache HTTP Server version 2.4.20 to 2.4.39. Solution: Update to version 2.4.41 or later. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9517 Bugtraq: 20190826 [SECURITY] [DSA 4509-1] apache2 security update (Google Search) https://seclists.org/bugtraq/2019/Aug/47 CERT/CC vulnerability note: VU#605641 https://kb.cert.org/vuls/id/605641/ Debian Security Information: DSA-4509 (Google Search) https://www.debian.org/security/2019/dsa-4509 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BP556LEG3WENHZI5TAQ6ZEBFTJB4E2IS/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CMNFX5MNYRWWIMO4BTKYQCGUDMHO3AXP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XHTKU7YQ5EEP2XNSAV4M4VJ7QCBOJMOD/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ZQGHE3WTYLYAYJEIDJVF2FIGQTAYPMC/ https://security.gentoo.org/glsa/201909-04 https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://lists.apache.org/thread.html/4610762456644181b267c846423b3a990bd4aaea1886ecc7d51febdb@%3Cannounce.httpd.apache.org%3E https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d@%3Ccvs.httpd.apache.org%3E https://lists.apache.org/thread.html/ec97fdfc1a859266e56fef084353a34e0a0b08901b3c1aa317a43c8c@%3Cdev.httpd.apache.org%3E https://lists.apache.org/thread.html/d89f999e26dfb1d50f247ead1fe8538014eb412b2dbe5be4b1a9ef50@%3Cdev.httpd.apache.org%3E http://www.openwall.com/lists/oss-security/2019/08/15/7 RedHat Security Advisories: RHSA-2019:2893 https://access.redhat.com/errata/RHSA-2019:2893 RedHat Security Advisories: RHSA-2019:2925 https://access.redhat.com/errata/RHSA-2019:2925 RedHat Security Advisories: RHSA-2019:2939 https://access.redhat.com/errata/RHSA-2019:2939 RedHat Security Advisories: RHSA-2019:2946 https://access.redhat.com/errata/RHSA-2019:2946 RedHat Security Advisories: RHSA-2019:2949 https://access.redhat.com/errata/RHSA-2019:2949 RedHat Security Advisories: RHSA-2019:2950 https://access.redhat.com/errata/RHSA-2019:2950 RedHat Security Advisories: RHSA-2019:2955 https://access.redhat.com/errata/RHSA-2019:2955 RedHat Security Advisories: RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932 RedHat Security Advisories: RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933 RedHat Security Advisories: RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935 SuSE Security Announcement: openSUSE-SU-2019:2051 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00004.html SuSE Security Announcement: openSUSE-SU-2019:2114 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00032.html SuSE Security Announcement: openSUSE-SU-2019:2115 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00031.html https://usn.ubuntu.com/4113-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-10081 https://security.netapp.com/advisory/ntap-20190905-0003/ https://support.f5.com/csp/article/K84341091?utm_source=f5support&utm_medium=RSS https://httpd.apache.org/security/vulnerabilities_24.html https://www.oracle.com/security-alerts/cpujul2020.html
Copyright	Copyright (C) 2019 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.