A vulnerability was found in Apache httpd, in mod_http2. Under certain circumstances, HTTP/2 early pushes could lead to memory corruption, causing a server to crash.

Mitigation

This flaw is only exploitable if Apache httpd is configured to respond to HTTP/2 requests, which is done by including "h2" or "h2c" in the "Protocols" list in a configuration file. The following command can be used to search for possible vulnerable configurations:

grep -R &#x27;^\s*Protocols\&gt;.*\&lt;h2\&gt;&#x27; /etc/httpd/

See <https://httpd.apache.org/docs/2.4/mod/mod_http2.html>

References

bugzilla.redhat.com/show_bug.cgi?id=1743966

httpd.apache.org/security/vulnerabilities_24.html

nvd.nist.gov/vuln/detail/CVE-2019-10081

www.cve.org/CVERecord?id=CVE-2019-10081

nvd 1

veracode 1

cvelist 1

httpd 1

osv 4

cve 1

alpinelinux 1

prion 1

f5 1

debiancve 1

ubuntucve 1

hackerone 1

openvas 12

photon 6

nessus 23

ibm 3

suse 1

gentoo 1

freebsd 1

kaspersky 1

mageia 1

slackware 1

amazon 1

debian 2

ubuntu 2

redhat 3

rocky 1

almalinux 1

oraclelinux 1

symantec 1

oracle 3

nvd

CVE-2019-10081

2019-08-15 22:15:12

veracode

Denial Of Service (DoS)

2020-04-07 00:46:41

cvelist

CVE-2019-10081

2019-08-15 21:02:49

httpd

Apache Httpd < 2.4.41 : mod_http2, memory corruption on early pushes

2019-04-10 00:00:00

osv

CVE-2019-10081

2019-08-15 22:15:12

apache2 - security update

2019-08-26 00:00:00

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

cve

CVE-2019-10081

2019-08-15 22:15:12

alpinelinux

CVE-2019-10081

2019-08-15 22:15:12

prion

Design/Logic Flaw

2019-08-15 22:15:00

K84341091 : Apache2 vulnerability CVE-2019-10081

2019-10-21 00:00:00

debiancve

CVE-2019-10081

2019-08-15 22:15:12

ubuntucve

CVE-2019-10081

2019-08-15 00:00:00

hackerone

Internet Bug Bounty: mod_http2, memory corruption on early pushes (CVE-2019-10081)

2019-08-20 14:14:29

openvas

Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities - Linux

2019-10-18 00:00:00

Apache HTTP Server 2.4.20 - 2.4.39 Multiple Vulnerabilities - Windows

2019-10-18 00:00:00

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2020-1359)

2020-04-01 00:00:00

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0178

2019-10-03 00:00:00

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0253

2019-10-15 00:00:00

Critical Photon OS Security Update - PHSA-2019-0253

2019-10-15 00:00:00

nessus

Photon OS 1.0: Httpd PHSA-2019-1.0-0253

2019-10-22 00:00:00

Photon OS 2.0: Httpd PHSA-2019-2.0-0178

2019-10-07 00:00:00

Photon OS 3.0: Httpd PHSA-2019-3.0-0035

2019-10-22 00:00:00

ibm

Security Bulletin: Aspera Web Applications (Faspex, Console, Shares) are affected by Apache Vulnerabilities (CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10098), )

2020-02-07 02:02:44

Security Bulletin: Multiple vulnerabilities in the IBM i HTTP Server affect IBM i.

2019-12-18 14:26:38

Security Bulletin: Multiple vulnerabilities in Apache HTTP Server affect Rational Build Forge (CVE-2019-9517, CVE-2019-10081, CVE-2019-10082, CVE-2019-10092, CVE-2019-10097, CVE-2019-10098)

2019-09-30 12:42:18

suse

Security update for apache2 (important)

2019-09-02 00:00:00

gentoo

Apache: Multiple vulnerabilities

2019-09-06 00:00:00

freebsd

Apache -- Multiple vulnerabilities

2019-08-14 00:00:00

kaspersky

KLA12366 Multiple vulnerabilities in Apache HTTP Server

2019-08-14 00:00:00

mageia

Updated apache packages fix security vulnerabilities

2019-12-25 22:08:41

slackware

[slackware-security] httpd

2020-03-31 19:45:57

amazon

Medium: httpd24

2019-10-18 23:22:00

debian

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

[SECURITY] [DSA 4509-1] apache2 security update

2019-08-26 19:52:07

ubuntu

Apache HTTP Server regression

2019-09-17 00:00:00

Apache HTTP Server vulnerabilities

2019-08-29 00:00:00

redhat

(RHSA-2020:1337) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

2020-04-06 19:02:25

(RHSA-2020:1336) Moderate: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP2 security update

2020-04-06 19:02:18

(RHSA-2020:4751) Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

rocky

httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

almalinux

Moderate: httpd:2.4 security, bug fix, and enhancement update

2020-11-03 12:33:02

oraclelinux

httpd:2.4 security, bug fix, and enhancement update

2020-11-10 00:00:00

symantec

Apache HTTP Server Vulnerabilities Jan 2019 - Apr 2020

2020-06-12 20:41:37

oracle

Oracle Critical Patch Update Advisory - October 2019

2020-01-22 00:00:00

Oracle Critical Patch Update Advisory - July 2020

2020-07-14 00:00:00

Oracle Critical Patch Update Advisory - April 2020

2020-04-14 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

0.007 Low

EPSS

Percentile

80.8%

JSON

Related for RH:CVE-2019-10081