Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Apache HTTP Server Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-9490 - Vulnerability Database
Apache HTTP Server

Apache HTTP Server Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability - CVE-2020-9490

High
Reference: CVE-2020-9490
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2020-9490
Title: Apache HTTP Server Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Overview:

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 39Cache-Digest39 header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via quotH2Push offquot will mitigate this vulnerability for unpatched servers.