vulnerability
FreeBSD: VID-76700d2f-d959-11ea-b53c-d4c9ef517024 (CVE-2020-11984): Apache httpd -- Multiple vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Aug 8, 2020 | Aug 9, 2020 | Dec 10, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Aug 8, 2020
Added
Aug 9, 2020
Modified
Dec 10, 2025
Description
The Apache httpd projec reports: mod_http2: Important: Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-9490) A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. mod_proxy_uwsgi: Moderate: mod_proxy_uwsgi buffer overflow (CVE-2020-11984) info disclosure and possible RCE mod_http2: Moderate: Push Diary Crash on Specifically Crafted HTTP/2 Header (CVE-2020-11993) When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools.
Solutions
freebsd-upgrade-package-apache24freebsd-upgrade-package-mod_http2
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.