Apache HTTP Server Early Pushes Memory Corruption Vulnerability

By GIXnews


A vulnerability in the mod_http2 module of the Apache HTTP Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.

The vulnerability is due to a memory corruption condition that could occur on very early pushing by the affected software. An attacker could exploit this vulnerability to overwrite memory in the pushing request pool. A successful exploit could cause the affected software to crash, resulting in a DoS condition.

Apache has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-10081

Source:: Cisco Multivendor Vulnerability Alerts