CVE Record: CVE-2020-11993

Required CVE Record Information

Description

Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers.

Product Status

Learn more

Versions 1 Total

Default Status: unknown

affected

References 26 Total

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 26 Total

https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
external site
x_transferred
security.gentoo.org: GLSA-202008-04
external site
vendor-advisoryx_transferred
lists.apache.org: [httpd-dev] 20200808 Security announcements for CVE-2020-9490/CVE-2020-11993 ?
external site
mailing-listx_transferred
lists.apache.org: [httpd-dev] 20200811 Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
external site
mailing-listx_transferred
lists.apache.org: [httpd-dev] 20200811 Re: Which version fixed the CVE-2020-9490, CVE-2020-11984 and CVE-2020-11993 vulnerabilities?
external site
mailing-listx_transferred
usn.ubuntu.com: USN-4458-1
external site
vendor-advisoryx_transferred
lists.fedoraproject.org: FEDORA-2020-8122a8daa2
external site
vendor-advisoryx_transferred
lists.fedoraproject.org: FEDORA-2020-b58dc5df38
external site
vendor-advisoryx_transferred
lists.opensuse.org: openSUSE-SU-2020:1285
external site
vendor-advisoryx_transferred
lists.opensuse.org: openSUSE-SU-2020:1293
external site
vendor-advisoryx_transferred
debian.org: DSA-4757
external site
vendor-advisoryx_transferred
https://www.oracle.com/security-alerts/cpuoct2020.html
external site
x_transferred
https://security.netapp.com/advisory/ntap-20200814-0005/
external site
x_transferred
lists.opensuse.org: openSUSE-SU-2020:1792
external site
vendor-advisoryx_transferred
https://www.oracle.com/security-alerts/cpujan2021.html
external site
x_transferred
http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html
external site
x_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073143 [3/3] - in /websites/staging/httpd/trunk/content: ./ security/
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1888194 [13/13] - /httpd/site/trunk/content/security/json/
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073140 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073139 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073149 [13/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1073171 - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-11984.json security/json/CVE-2020-11993.json security/vulnerabilities_24.html
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210330 svn commit: r1888228 - in /httpd/site/trunk/content/security/json: CVE-2020-11984.json CVE-2020-11993.json
external site
mailing-listx_transferred
lists.apache.org: [httpd-cvs] 20210606 svn commit: r1075470 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
external site
mailing-listx_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: Apache Software Foundation

Description

Product Status

References 26 Total

CVE Program

References 26 Total