CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
84.5%
The Apache httpd projec reports:
mod_http2: Important: Push Diary Crash on Specifically
Crafted HTTP/2 Header (CVE-2020-9490)
A specially crafted value for the ‘Cache-Digest’ header in a HTTP/2
request would result in a crash when the server actually tries to
HTTP/2 PUSH a resource afterwards.
mod_proxy_uwsgi: Moderate: mod_proxy_uwsgi buffer overflow
(CVE-2020-11984)
info disclosure and possible RCE
mod_http2: Moderate: Push Diary Crash on Specifically Crafted
HTTP/2 Header (CVE-2020-11993)
When trace/debug was enabled for the HTTP/2 module and on certain
traffic edge patterns, logging statements were made on the wrong
connection, causing concurrent use of memory pools.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
84.5%