mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-12 17:32:18 +02:00
0xMarcio
1.6 KiB
1.6 KiB
CVE-2020-9490
Description
Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers.
POC
Reference
- http://packetstormsecurity.com/files/160392/Apache-2.4.43-mod_http2-Memory-Corruption.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.oracle.com/security-alerts/cpuoct2020.html
Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/Dheia/sc-main
- https://github.com/Elsfa7-110/kenzer-templates
- https://github.com/Live-Hack-CVE/CVE-2020-9490
- https://github.com/PierreChrd/py-projet-tut
- https://github.com/Solhack/Team_CSI_platform
- https://github.com/Totes5706/TotesHTB
- https://github.com/austin-lai/External-Penetration-Testing-Holo-Corporate-Network-TryHackMe-Holo-Network
- https://github.com/hound672/BlackBox-CI-CD-script
- https://github.com/vshaliii/Funbox2-rookie
- https://github.com/vshaliii/Vegeta1-Vulhub-Walkthrough